{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch13\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe2052{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f3\froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}
{\f4\fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Helvetica;}{\f13\fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt \'cb\'ce\'cc\'e5};}{\f37\fnil\fcharset134\fprq2{\*\panose 02010600030101010101}@SimSun;}
{\f40\fnil\fcharset128\fprq0{\*\panose 00000000000000000000}TimesNewRomanPSMT{\*\falt MS Mincho};}{\f41\froman\fcharset77\fprq0{\*\panose 00000000000000000000}TimesNewRomanPS-BoldMT{\*\falt Times New Roman};}
{\f42\froman\fcharset77\fprq0{\*\panose 00000000000000000000}TimesNewRomanPS-ItalicMT{\*\falt Times New Roman};}{\f58\fswiss\fcharset0\fprq2{\*\panose 020b0a04020102020204}Arial Black;}
{\f223\fswiss\fcharset77\fprq0{\*\panose 00000000000000000000}Arial-BoldMT;}{\f224\fmodern\fcharset77\fprq0{\*\panose 00000000000000000000}CourierNewPSMT;}{\f229\fnil\fcharset128\fprq0{\*\panose 00000000000000000000}@TimesNewRomanPSMT;}
{\f231\froman\fcharset238\fprq2 Times New Roman CE;}{\f232\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f234\froman\fcharset161\fprq2 Times New Roman Greek;}{\f235\froman\fcharset162\fprq2 Times New Roman Tur;}
{\f236\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f237\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f238\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f239\froman\fcharset163\fprq2 Times New Roman (Vietnamese);}
{\f271\fswiss\fcharset238\fprq2 Helvetica CE;}{\f272\fswiss\fcharset204\fprq2 Helvetica Cyr;}{\f274\fswiss\fcharset161\fprq2 Helvetica Greek;}{\f275\fswiss\fcharset162\fprq2 Helvetica Tur;}{\f276\fbidi \fswiss\fcharset177\fprq2 Helvetica (Hebrew);}
{\f277\fbidi \fswiss\fcharset178\fprq2 Helvetica (Arabic);}{\f278\fswiss\fcharset186\fprq2 Helvetica Baltic;}{\f279\fswiss\fcharset163\fprq2 Helvetica (Vietnamese);}{\f363\fnil\fcharset0\fprq2 SimSun Western{\*\falt \'cb\'ce\'cc\'e5};}
{\f603\fnil\fcharset0\fprq2 @SimSun Western;}{\f633\fnil\fcharset0\fprq0 TimesNewRomanPSMT Western{\*\falt MS Mincho};}{\f811\fswiss\fcharset238\fprq2 Arial Black CE;}{\f812\fswiss\fcharset204\fprq2 Arial Black Cyr;}
{\f814\fswiss\fcharset161\fprq2 Arial Black Greek;}{\f815\fswiss\fcharset162\fprq2 Arial Black Tur;}{\f818\fswiss\fcharset186\fprq2 Arial Black Baltic;}{\f2523\fnil\fcharset0\fprq0 @TimesNewRomanPSMT Western;}}{\colortbl;\red0\green0\blue0;
\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;
\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af0\afs24\alang1025 \ltrch\fcs0 
\fs24\lang1033\langfe2052\loch\f0\hich\af0\dbch\af13\cgrid\langnp1033\langfenp2052 \snext0 Normal;}{\*\cs10 \additive \ssemihidden Default Paragraph Font;}{\*
\ts11\tsrowd\trftsWidthB3\trpaddl108\trpaddr108\trpaddfl3\trpaddft3\trpaddfb3\trpaddfr3\tblind0\tblindtype3\tscellwidthfts0\tsvertalt\tsbrdrt\tsbrdrl\tsbrdrb\tsbrdrr\tsbrdrdgl\tsbrdrdgr\tsbrdrh\tsbrdrv 
\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af0\afs20 \ltrch\fcs0 \fs20\lang1024\langfe1024\cgrid\langnp1024\langfenp1024 \snext11 \ssemihidden Normal Table;}{\s15\ql \li0\ri0\sl360\slmult1
\nowidctlpar\wrapdefault\hyphpar0\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af58\afs24\alang1025 \ltrch\fcs0 \fs24\lang1033\langfe255\loch\f58\hich\af58\dbch\af58\cgrid\langnp1033\langfenp255 \sbasedon0 \snext15 \styrsid5843469 
Body Text;}}{\*\latentstyles\lsdstimax156\lsdlockeddef0}{\*\rsidtbl \rsid26313\rsid336913\rsid663733\rsid1406478\rsid2166532\rsid2390209\rsid2774553\rsid3701115\rsid5338724\rsid5843469\rsid6097161\rsid6175356\rsid7407906\rsid8133661\rsid9778638
\rsid11301976\rsid11499266\rsid12066268\rsid12391254\rsid12653443\rsid13181361\rsid13961312\rsid15677670\rsid16147816}{\*\generator Microsoft Word 11.0.8134;}{\info{\author Jiang}{\operator Jiang}{\creatim\yr2007\mo7\dy31\hr8\min37}
{\revtim\yr2007\mo10\dy1\hr15\min45}{\version16}{\edmins298}{\nofpages23}{\nofwords8468}{\nofchars48274}{\*\company UAMS}{\nofcharsws56629}{\vern24611}{\*\password 00000000}}{\*\xmlnstbl {\xmlns1 http://schemas.microsoft.com/office/word/2003/wordml}
{\xmlns2 urn:schemas-microsoft-com:office:smarttags}}\paperw12240\paperh15840\margl1800\margr1800\margt1440\margb1440\gutter0\ltrsect 
\widowctrl\ftnbj\aenddoc\donotembedsysfont0\donotembedlingdata1\grfdocevents0\validatexml0\showplaceholdtext0\ignoremixedcontent0\saveinvalidxml0\showxmlerrors0\horzdoc\dghspace120\dgvspace120\dghorigin1701\dgvorigin1984\dghshow0\dgvshow3
\jcompress\viewkind1\viewscale100\rsidroot6175356 \fet0{\*\wgrffmtfilter 013f}\ilfomacatclnup0\ltrpar \sectd \ltrsect\linex0\sectdefaultcl\sftnbj {\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl2
\pnucltr\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang {\pntxta )}}{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl6
\pnlcltr\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl8\pnlcltr\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang 
{\pntxtb (}{\pntxta )}}\pard\plain \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 \rtlch\fcs1 \af0\afs24\alang1025 \ltrch\fcs0 \fs24\lang1033\langfe2052\loch\af0\hich\af0\dbch\af13\cgrid\langnp1033\langfenp2052 {\rtlch\fcs1 \ab\af223 
\ltrch\fcs0 \b\f223\insrsid11499266 \hich\af223\dbch\af13\loch\f223 Off-the-Record Secure Chat-room via Pu\hich\af223\dbch\af13\loch\f223 blic IM Services
\par \hich\af223\dbch\af13\loch\f223 By Jiang Bian
\par \hich\af223\dbch\af13\loch\f223 Advised b}{\rtlch\fcs1 \ab\af223 \ltrch\fcs0 \b\f223\insrsid6175356 \hich\af223\dbch\af13\loch\f223 y Remzi Seker Ph.D 
\par }{\rtlch\fcs1 \ab\af223 \ltrch\fcs0 \b\f223\insrsid11499266 \hich\af223\dbch\af13\loch\f223 Associate Professor}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af223\dbch\af40\insrsid11499266 
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0 Thesis draft for the degree of Master of Sci\hich\af0\dbch\af40\loch\f0 ence in Computer Sciences, {\*\xmlopen\xmlns2{\factoidname PlaceType}}University
{\*\xmlclose} of {\*\xmlopen\xmlns2{\factoidname PlaceName}}Arkansas{\*\xmlclose} at {\*\xmlopen\xmlns2{\factoidname place}}{\*\xmlopen\xmlns2{\factoidname City}}Little Rock{\*\xmlclose}{\*\xmlclose}
\par \hich\af0\dbch\af40\loch\f0 July 31, 2007
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af223\dbch\af40\insrsid11499266 
\par }{\rtlch\fcs1 \ab\af223 \ltrch\fcs0 \b\loch\af223\hich\af223\dbch\af40\insrsid11499266 \hich\af223\dbch\af40\loch\f223 Abstract
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0 This thesis proposes a solution into the implementation of on-line chat-room environments that ensures the privacy protection o}{\rtlch\fcs1 \af0 
\ltrch\fcs0 \dbch\af40\insrsid6175356 \hich\af0\dbch\af40\loch\f0 f such services and provides an }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0 
off-the-record feature. Instant Messaging (IM) is becoming an integral part of social as we\hich\af0\dbch\af40\loch\f0 
ll as business life. The main concern with IM systems is that the information being transmitted is easily accessible. Some protection could be achieved with the use of a secure tunneling (i.e. VPN etc.). Nevertheless, even the use of VPN-like technologies
\hich\af0\dbch\af40\loch\f0  \hich\af0\dbch\af40\loch\f0 
does not provide end-to-end secrecy. Off-the-record (OTR), designed by Borisov. N et al. is a protocol which enable IM users to have private conversations over the insecure public Internet by placing additional security layers. [5] However, the OTR protoc
\hich\af0\dbch\af40\loch\f0 o\hich\af0\dbch\af40\loch\f0 
l currently does not support multi-user chat rooms via various popular IM services and there is such a need, a product, which provides users the opportunity to meet in an IM-based, virtual, and encrypted }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\dbch\af40\insrsid6175356 \hich\af0\dbch\af40\loch\f0 e\hich\af0\dbch\af40\loch\f0 nvironment}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0 . This project implements }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\dbch\af40\insrsid6175356 \hich\af0\dbch\af40\loch\f0 a\hich\af0\dbch\af40\loch\f0 n}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0  extension of \hich\af0\dbch\af40\loch\f0 
the two-party OTR protocol, named Group OTR}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid6175356 \hich\af0\dbch\af40\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \loch\af0\hich\af0\dbch\f40 \emdash }{\rtlch\fcs1 
\af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0 GOTR. GOTR }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid6175356 \hich\af0\dbch\af40\loch\f0 protocol }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0 enables users to have a free and secure multi-user communication environment with no proprietary software requirement. Th}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid663733 
\hich\af0\dbch\af40\loch\f0 e}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0  case study }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid663733 \hich\af0\dbch\af40\loch\f0 in this thesis }{
\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0 describes a proof of concept }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid663733 \hich\af0\dbch\af40\loch\f0 GOTR }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0 plug-in }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid663733 \hich\af0\dbch\af40\loch\f0 developed for}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 
\hich\af0\dbch\af40\loch\f0  the Pidg\hich\af0\dbch\af40\loch\f0 in }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid663733 \hich\af0\dbch\af40\loch\f0 IM \hich\af0\dbch\af40\loch\f0 platform}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\dbch\af40\insrsid663733\charrsid6175356 \hich\af0\dbch\af40\loch\f0  [}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 \hich\af0\dbch\af40\loch\f0 9]. Such a product is believed to be beneficial to }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\dbch\af40\insrsid663733 \hich\af0\dbch\af40\loch\f0 open \hich\af0\dbch\af40\loch\f0 source\hich\af0\dbch\af40\loch\f0  \hich\af0\dbch\af40\loch\f0 project teams as well as }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid6175356 
\hich\af0\dbch\af40\loch\f0 small businesses \hich\af0\dbch\af40\loch\f0 to keep their privacy and their competitiveness.}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af223\dbch\af40\insrsid11499266 
\par 
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs36 \ltrch\fcs0 \b\fs36\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 1\~Introduction
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid663733 \hich\af0\dbch\af40\loch\f0 Instant }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid663733\charrsid663733 
\hich\af0\dbch\af40\loch\f0 Messaging (}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid663733 \hich\af0\dbch\af40\loch\f0 IM) is }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid663733 \hich\af0\dbch\af40\loch\f0 merely a text
\hich\af0\dbch\af40\loch\f0 -based}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid663733 \hich\af0\dbch\af40\loch\f0  real-time }{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid663733 \hich\af0\dbch\af40\loch\f0 online 
\hich\af0\dbch\af40\loch\f0 communication system}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid663733 \hich\af0\dbch\af40\loch\f0 .}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid663733 
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid663733\charrsid14244201 \hich\af0\dbch\af13\loch\f0 It start\hich\af0\dbch\af13\loch\f0 ed in the 1970s on UNIX like systems to help communication}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid663733 
\hich\af0\dbch\af13\loch\f0 s}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid663733\charrsid14244201 \hich\af0\dbch\af13\loch\f0  among multi-users logged on}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid663733 \hich\af0\dbch\af13\loch\f0  the same}{\rtlch\fcs1 \af0 
\ltrch\fcs0 \insrsid663733\charrsid14244201 \hich\af0\dbch\af13\loch\f0  machine. Later it rapidly spread on the local network, then across the contemporary Internet\hich\af0\dbch\af13\loch\f0 .}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\dbch\af40\insrsid11499266\charrsid663733 \hich\af0\dbch\af40\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 IM systems }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 have }
{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 l\hich\af0\dbch\af13\loch\f0 ots of}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  advantages over other communication environm
\hich\af0\dbch\af13\loch\f0 ents, these can be listed as:}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 rapid delivery}{\rtlch\fcs1 
\af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  with almost no delays}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 ,}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0  wide us}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 age}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  and eas}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469 \hich\af0\dbch\af13\loch\f0 e of}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 accessibility, cost}{\rtlch\fcs1 \af0 
\ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 -effective}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 ness}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  
}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 (}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 virtually no cost}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\hich\af0\dbch\af13\loch\f0 ), and being }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 less intrusive than phone calls but more interactive th}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\hich\af0\dbch\af13\loch\f0 a}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 n emails}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 .}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 On the other hand, security concer\hich\af0\dbch\af13\loch\f0 
ns such as protecting messages from malicious users still remain to be addressed for the majority of proprietary IM systems.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469 \hich\af0\dbch\af13\loch\f0 Since messages are being sent through the public internet, unless the messages are encrypted, they can easily be captured}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 and acces\hich\af0\dbch\af13\loch\f0 sed by an eavesdropper.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \dbch\af40\insrsid11499266\charrsid663733 
\hich\af0\dbch\af40\loch\f0  Given the status quo of measures implemented for privacy mai\hich\af0\dbch\af40\loch\f0 ntenance or intellectual property, there is still much space for improvement in this area.}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par 
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 Some of the widely }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid5843469 \hich\af0\dbch\af13\loch\f0 used \hich\af0\dbch\af13\loch\f0 IM systems i
\hich\af0\dbch\af13\loch\f0 nclude: }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 Windows Live Messenger [*] (i.e. former named Microsoft Network Messenger or MSN Messenger; but re-branded as a branch of }{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 the }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 Wi\hich\af0\dbch\af13\loch\f0 ndows Live family), AOL Instant Messenger (}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 AIM) [*], Google Talk [*], etc. }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 Some}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0  popular Instant Messaging systems }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 not only }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 
support peer-to-peer \hich\af0\dbch\af13\loch\f0 communication}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  (between two individuals)}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 , but also have}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  built-in}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  chat}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 
 room }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 facilities}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 . A}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0 n\hich\af0\dbch\af13\loch\f0  online chat room system is merely an extended form of }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 a }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0 two-party IM conversation. Multiple users can join or be invited to a single chat session and talk at the same time; every message }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 is}{\rtlch\fcs1 \af0 
\ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  multicast to }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 each}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0  user instantly. }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 Moreover, chat room communicati\hich\af0\dbch\af13\loch\f0 on provides a better mechanism}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 for }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 exchang}{\rtlch\fcs1 
\af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 ing}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  ideas and }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 having}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 multi-party }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0 discussions than }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 that of a}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  conventional teleconferenc}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 ing}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  system. In a teleconference, it would be noise and even anno}{\rtlch\fcs1 \af0 
\ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 ying if more than one person tried}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  to speak simultaneously and }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469 \hich\af0\dbch\af13\loch\f0 one would have extreme difficulty in keeping}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  track }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\hich\af0\dbch\af13\loch\f0 of }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 the conversation }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 (}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 except }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 to }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 have it recorded}
{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 )}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 . Even }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 if 
\hich\af0\dbch\af13\loch\f0 an audio transcript }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 of a teleconference}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  session}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  exists}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 , searching for the right content is }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469 \hich\af0\dbch\af13\loch\f0 not straightforward}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 . }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 While}{\rtlch\fcs1 
\af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  in a chat room system, }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 one }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0 can easily go back and look for a specific }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 set of messages}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  }
{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 from a specific user.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\par 
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid5843469 \hich\af0\dbch\af13\loch\f0 These systems are changing the way people communicate with friends, family and even business partners. Nevertheless, confidentialit\hich\af0\dbch\af13\loch\f0 
y has not been addressed completely in the IM environment. Most IM protocols were implemented on the top of an existing public Internet service, where there is no guarantee of the secrecy of the transmitted messages. A message exchanged between users sitt
\hich\af0\dbch\af13\loch\f0 i\hich\af0\dbch\af13\loch\f0 
ng next to each other may still need travel a path through several routers. If there is no proper encryption and/or authentication in place, messages are almost open to any eavesdropping, account hijacking, man-in-the-middle, denial of service, and simila
\hich\af0\dbch\af13\loch\f0 r\hich\af0\dbch\af13\loch\f0  types of attacks that is potentially harmful for most of the current distributed network applications.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266 
\par }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0\pararsid13961312 {\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 Despite the advantages }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\hich\af0\dbch\af13\loch\f0 it offers, }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 chat room technology }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 
has not been fully utilized by the }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 business }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 communit\hich\af0\dbch\af13\loch\f0 y}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 . \hich\af0\dbch\af13\loch\f0 The authors of this paper suspect that m}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 
any corporations are hesitant to adopt}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  chat room system}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 s}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  as their main communication tool}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 ,}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0  because of }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 the potential }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 leaking }{\rtlch\fcs1 \af0 
\ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 of a }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 company\hich\f0 \rquote \loch\f0 s business secrets and }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469 \hich\af0\dbch\af13\loch\f0 intellectual }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 properties. It is }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 possible to}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  isolate\hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 a}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  company\hich\f0 \rquote \loch\f0 s network physically from the public Internet, but }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 
this isolation can get complex and costly, }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 if }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 the }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 compan}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 y}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 
\ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 has physically distributed }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 locations}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\hich\af0\dbch\af13\loch\f0  (\hich\af0\dbch\af13\loch\f0 small businesses usually cannot afford such technologies)}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 . }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid5843469 \hich\af0\dbch\af13\loch\f0 Based on the aforemen\hich\af0\dbch\af13\loch\f0 tioned difficulties}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 , there is \hich\af0\dbch\af13\loch\f0 need }{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 for}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  a secure chat room system }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\hich\af0\dbch\af13\loch\f0 which can save on the }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0 cost}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  of communication
\hich\af0\dbch\af13\loch\f0  and prevent the losing of}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  priva}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 te}{\rtlch\fcs1 \af0 
\ltrch\fcs0 \insrsid5843469\charrsid14244201 \hich\af0\dbch\af13\loch\f0  and competitive}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  data}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid14244201 
\hich\af0\dbch\af13\loch\f0 .}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469\charrsid13961312 \hich\af0\dbch\af13\loch\f0 
Unveiling the company secrets may harm its competitive advantages and result in capital loss.}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 1.1\~History and Architecture of IM systems

\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0\pararsid13961312 {\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0 One could probably consider Internet Relay Chat (IRC) [4] as the first}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  real online chat room as well as}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0  I}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\hich\af0\dbch\af13\loch\f0 nstant }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0 M}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 essaging}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0 . IRC provides a real-time communication service among a group of people regardless of their physical locations. In IRC, each participant starts with connecting to a ce}{\rtlch\fcs1 \af0 
\ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 ntralized IRC server and joins different}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0  channel}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\hich\af0\dbch\af13\loch\f0 s\hich\af0\dbch\af13\loch\f0  (or sometimes called }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0 topic}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 s}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0 ). There are \hich\af0\dbch\af13\loch\f0 basically two types }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0 of conversations in IRC}{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid2390209 \hich\af0\dbch\af13\loch\f0 .\hich\af0\dbch\af13\loch\f0  You can either talk}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid2390209 
\hich\af0\dbch\af13\loch\f0 in a}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0 public}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 
\hich\af0\dbch\af13\loch\f0  channel}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid2390209 \hich\af0\dbch\af13\loch\f0 ,}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0  in which messages }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid2390209 \hich\af0\dbch\af13\loch\f0 can be}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0  read}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid5843469 \hich\af0\dbch\af13\loch\f0  by \hich\af0\dbch\af13\loch\f0 
everyone}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid2390209 \hich\af0\dbch\af13\loch\f0  just}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0  like discussing in a Bulletin Board System (BBS)}{\rtlch\fcs1 \af0 
\ltrch\fcs0 \insrsid2390209 \hich\af0\dbch\af13\loch\f0 ; or\hich\af0\dbch\af13\loch\f0  a message can be directly sent to another user w\hich\af0\dbch\af13\loch\f0 ithout third party\loch\af0\dbch\af13\hich\f0 \rquote \hich\af0\dbch\af13\loch\f0 s
\hich\af0\dbch\af13\loch\f0  intervention, which is \hich\af0\dbch\af13\loch\f0 more \hich\af0\dbch\af13\loch\f0 like\hich\af0\dbch\af13\loch\f0  the\hich\af0\dbch\af13\loch\f0  \hich\af0\dbch\af13\loch\f0 contemporary\hich\af0\dbch\af13\loch\f0 
 peer-to-peer IM\hich\af0\dbch\af13\loch\f0  system\hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0 
[3]. In the late 1990s, the modern, internet-wide, GUI-based IM systems began to take off with ICQ (1996) being the first, followed by AIM, MSN, Yahoo Messenger, Google Talk etc. These systems share an identical co\hich\af0\dbch\af13\loch\f0 ncept and }{
\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid2390209 \hich\af0\dbch\af13\loch\f0 also }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0 
provide similar services including real-time text message chat (peer-to-peer or/and chat room), file transfer and so on.
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0\pararsid13961312 {\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 \hich\af0\dbch\af13\loch\f0 Instant Messaging is a typical client-server 
\hich\af0\dbch\af13\loch\f0 application\hich\af0\dbch\af13\loch\f0  }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid2390209 \hich\af0\dbch\af13\loch\f0 in \hich\af0\dbch\af13\loch\f0 which }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 
\hich\af0\dbch\af13\loch\f0 clients }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid2390209 \hich\af0\dbch\af13\loch\f0 are \hich\af0\dbch\af13\loch\f0 separate\hich\af0\dbch\af13\loch\f0 d }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266\charrsid13961312 
\hich\af0\dbch\af13\loch\f0 from the server\hich\af0\dbch\af13\loch\f0  over a computer network. And as such it can be partitioned into two fundamental communication models:
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Client-Server-Client (CSC):}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  }{
\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 All messages \hich\af0\dbch\af58\loch\f0 need to go through a centralized server regardless of the type of mess}{
\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11301976 \hich\af0\dbch\af58\loch\f0 ages. I\hich\af0\dbch\af58\loch\f0 t could be\hich\af0\dbch\af58\loch\f0  either\hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 
system \hich\af0\dbch\af58\loch\f0 message\hich\af0\dbch\af58\loch\f0 s\hich\af0\dbch\af58\loch\f0  (i.e. \hich\af0\dbch\af58\loch\f0 the messages}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 
\hich\af0\dbch\af58\loch\f0  that are taking place between the client and the server to exchange status information like: users buddy lists, IP addresses, client status, etc.) or the actual conversation payload}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid3701115 \hich\af0\dbch\af58\loch\f0 s}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 . }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid13181361 \hich\af0\dbch\af58\loch\f0 However, \hich\af0\dbch\af58\loch\f0 t}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 
\hich\af0\dbch\af58\loch\f0 his model \hich\af0\dbch\af58\loch\f0 increases the bandwidth and CPU power usage of the server}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid13181361 \hich\af0\dbch\af58\loch\f0 
, which can cause serious performance penalty}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 . And the privacy}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid13181361 \hich\af0\dbch\af58\loch\f0  protection}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 
 issue is also concerned by the public, since the IM service companies can audit all the ongoing communication through \hich\af0\dbch\af58\loch\f0 their servers.}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par 
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid7407906 \hich\af41\dbch\af40\loch\f41 Centralized }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Peer-to-Peer}{
\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid7407906 \hich\af41\dbch\af40\loch\f41  \hich\af41\dbch\af40\loch\f41 (CPP)}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 
\hich\af0\dbch\af58\loch\f0 :\hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid7407906 \hich\af0\dbch\af58\loch\f0 Most of the \hich\af0\dbch\af58\loch\f0 contemporary\hich\af0\dbch\af58\loch\f0 
 \hich\af0\dbch\af58\loch\f0 IM system\hich\af0\dbch\af58\loch\f0 s are \hich\af0\dbch\af58\loch\f0 a\hich\af0\dbch\af58\loch\f0 ctually \hich\af0\dbch\af58\loch\f0 using }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid7407906 \hich\af0\dbch\af13\loch\f0 
centralized}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid7407906 \hich\af0\dbch\af13\loch\f0  peer-to-peer}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid7407906 \hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 
network model. }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 D\hich\af0\dbch\af58\loch\f0 i\hich\af0\dbch\af58\loch\f0 f\hich\af0\dbch\af58\loch\f0 f
\hich\af0\dbch\af58\loch\f0 e\hich\af0\dbch\af58\loch\f0 r\hich\af0\dbch\af58\loch\f0 e\hich\af0\dbch\af58\loch\f0 n\hich\af0\dbch\af58\loch\f0 t\hich\af0\dbch\af58\loch\f0 i\hich\af0\dbch\af58\loch\f0 a\hich\af0\dbch\af58\loch\f0 t
\hich\af0\dbch\af58\loch\f0 i\hich\af0\dbch\af58\loch\f0 n\hich\af0\dbch\af58\loch\f0 g\hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 f\hich\af0\dbch\af58\loch\f0 r\hich\af0\dbch\af58\loch\f0 o\hich\af0\dbch\af58\loch\f0 m
\hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid7407906 \hich\af0\dbch\af58\loch\f0 the }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 C\hich\af0\dbch\af58\loch\f0 S\hich\af0\dbch\af58\loch\f0 C\hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 a\hich\af0\dbch\af58\loch\f0 r
\hich\af0\dbch\af58\loch\f0 c\hich\af0\dbch\af58\loch\f0 h\hich\af0\dbch\af58\loch\f0 i\hich\af0\dbch\af58\loch\f0 t\hich\af0\dbch\af58\loch\f0 e\hich\af0\dbch\af58\loch\f0 c\hich\af0\dbch\af58\loch\f0 t\hich\af0\dbch\af58\loch\f0 u
\hich\af0\dbch\af58\loch\f0 r\hich\af0\dbch\af58\loch\f0 e}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid7407906 \hich\af0\dbch\af58\loch\f0 ,}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid8133661 \hich\af0\dbch\af58\loch\f0 the}{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid8133661 \hich\af0\dbch\af13\loch\f0  central server is used to keep}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid8133661 \hich\af0\dbch\af13\loch\f0  i}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid8133661 \hich\af0\dbch\af13\loch\f0 
nformation on peers and respond}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid8133661 \hich\af0\dbch\af13\loch\f0  to requests for that information}{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid8133661 \hich\af0\dbch\af13\loch\f0 . \hich\af0\dbch\af13\loch\f0 
Peers are responsible for exchanging the\hich\af0\dbch\af13\loch\f0  actually conversation payload.}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 
 For example, upon initiating a conversation, one user queries the server for another client}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid8133661 \loch\af0\dbch\af58\hich\f0 \rquote }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 s IP address and uses this information to estab\hich\af0\dbch\af58\loch\f0 
lish a communication channel directly with the other client. The real world scenario may be more complicated than this example, but they share the same concept.}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid8133661 
\hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 Specifically,\hich\af0\dbch\af58\loch\f0  for\hich\af0\dbch\af58\loch\f0  IM systems,}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 
\hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid2166532 \hich\af0\dbch\af58\loch\f0 the}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0  server \hich\af0\dbch\af58\loch\f0 store}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid26313 
\hich\af0\dbch\af58\loch\f0 s}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0  all user}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid26313 \hich\af0\dbch\af58\loch\f0 s}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid2166532 \hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 information \hich\af0\dbch\af58\loch\f0 of all registered c\hich\af0\dbch\af58\loch\f0 lients, such as user profile, client}{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid26313 \hich\af0\dbch\af58\loch\f0  computer\loch\af0\dbch\af58\hich\f0 \rquote }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 
\hich\af0\dbch\af58\loch\f0 s current IP, version of the cl}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid26313 \hich\af0\dbch\af58\loch\f0 ient software, etc. and responds to r\hich\af0\dbch\af58\loch\f0 
equests for these }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid11301976 \hich\af0\dbch\af58\loch\f0 fields.}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par 
\par }\pard \ltrpar\ql \li0\ri0\sb280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 1.2\~Potential Vulnerabilities in IM}{
\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid13961312 \hich\af41\dbch\af40\loch\f41  Systems}{\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 \hich\af0\dbch\af58\loch\f0 The message packages in }{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid2774553 \hich\af0\dbch\af58\loch\f0 t\hich\af0\dbch\af58\loch\f0 he \hich\af0\dbch\af58\loch\f0 contemporary}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 \hich\af0\dbch\af58\loch\f0 , internet-based, IM systems need to traverse throu\hich\af0\dbch\af58\loch\f0 gh the public networks regardless of the model and structure utilized. In 
}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid2774553 \hich\af0\dbch\af58\loch\f0 most of the public IM services}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 
\hich\af0\dbch\af58\loch\f0 , }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid2774553 \hich\af0\dbch\af58\loch\f0 t\hich\af0\dbch\af58\loch\f0 he}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 \hich\af0\dbch\af58\loch\f0  messages are not encrypted}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid5338724 \hich\af0\dbch\af58\loch\f0 .}{
\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 \hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid5338724 \hich\af0\dbch\af58\loch\f0 A}{
\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 \hich\af0\dbch\af58\loch\f0 n eavesdropper could easily stand }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid5338724 
\hich\af0\dbch\af58\loch\f0 i\hich\af0\dbch\af58\loch\f0 n}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 \hich\af0\dbch\af58\loch\f0  between \hich\af0\dbch\af58\loch\f0 
IM users, sniff their communication and read their }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid5338724 \hich\af0\dbch\af58\loch\f0 plain text }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 \hich\af0\dbch\af58\loch\f0 messages. Retrieving the\hich\af0\dbch\af58\loch\f0 
 contents of IM messages is a rather trivial task once one grabs the packets traversing in the network. Eavesdropping is considerably easier on a LAN network, since the packages are broadcast and every node could reach these distributed packets unless the
\hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 LAN network is switch based. }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12391254 \hich\af0\dbch\af58\loch\f0 Even\hich\af0\dbch\af58\loch\f0  
\hich\af0\dbch\af58\loch\f0 f}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 \hich\af0\dbch\af58\loch\f0 
or the switch based network, an eavesdropper could still sniff the traffic from the line that connects the switch to the router. There are also other available mechanisms for sniffing traffic on a switched LAN; however, it is }{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12391254 \hich\af0\dbch\af58\loch\f0 beyond the scope of this thesis}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid2166532 
\hich\af0\dbch\af58\loch\f0 . The discussion about an eavesdropper sniffing traffic here is to justify the need for protecting the content of the IM messages utilizing an encryption method. Nonetheless, the problem still remains unresolved as to 
\hich\af0\dbch\af58\loch\f0 how one would distribute the keys securely, as well as, how the identity of a user can be verified. 
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par }{\rtlch\fcs1 \ai\af42 \ltrch\fcs0 \i\loch\af42\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f42 Account Hijacking}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40  }{\rtlch\fcs1 
\af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid12066268 \hich\af0\dbch\af58\loch\f0 is }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \hich\af0\dbch\af58\loch\f0 a
\hich\af0\dbch\af58\loch\f0 n}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid12066268 \hich\af0\dbch\af58\loch\f0  attack by which one malicious user hijacks another user}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \loch\af0\dbch\af58\hich\f0 \rquote }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid12066268 \hich\af0\dbch\af58\loch\f0 
s IM account and impersonates that user in subsequent conversations\hich\af0\dbch\af58\loch\f0  with others. }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \hich\af0\dbch\af58\loch\f0 This}{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid12066268 \hich\af0\dbch\af58\loch\f0 
 attack is so successful, because of that most of the IM systems are using unsecured and vulnerable authentication mechanisms. For example, session identifiers, widely used by modern IM protocols, are not very difficult to forge. }{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \hich\af0\dbch\af58\loch\f0 With a little \hich\af0\dbch\af58\loch\f0 knowledge of \hich\af0\dbch\af58\loch\f0 reverse engineering\hich\af0\dbch\af58\loch\f0 , 
\hich\af0\dbch\af58\loch\f0 a}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid12066268 \hich\af0\dbch\af58\loch\f0 n attacker could easily produce a legal session key in accordance with the }{\rtlch\fcs1 
\af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \hich\af0\dbch\af58\loch\f0 valid\hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 format of such}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid12066268 \hich\af0\dbch\af58\loch\f0  identifier. A}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \hich\af0\dbch\af58\loch\f0  possible}{
\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid12066268 \hich\af0\dbch\af58\loch\f0  solution to avoid account-hijacking attack is to employ a}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \hich\af0\dbch\af58\loch\f0 n\hich\af0\dbch\af58\loch\f0 y\hich\af0\dbch\af58\loch\f0  appropriate}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid12066268 \hich\af0\dbch\af58\loch\f0  authentication }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \hich\af0\dbch\af58\loch\f0 mechanism}{
\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12653443 \hich\af0\dbch\af58\loch\f0  such as using digital signatures}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 
\hich\af0\dbch\af58\loch\f0 .}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12653443 \hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 A\hich\af0\dbch\af58\loch\f0 ttaching a\hich\af0\dbch\af58\loch\f0 
 digital signature}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 to each message will provide the \hich\af0\dbch\af58\loch\f0 receiver
\hich\af0\dbch\af58\loch\f0  a }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid9778638 \hich\af0\dbch\af58\loch\f0 s\hich\af0\dbch\af58\loch\f0 olid}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid12066268 \hich\af0\dbch\af58\loch\f0  way to verify}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid9778638 \hich\af0\dbch\af58\loch\f0  the identity of the originator
\hich\af0\dbch\af58\loch\f0 .\hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 SSL verification mechanism could also be used in IM systems\hich\af0\dbch\af58\loch\f0  to prevent Account Hijacking\hich\af0\dbch\af58\loch\f0 ,}{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid12066268 \hich\af0\dbch\af58\loch\f0  but this will involve purchasing a commercial \hich\af0\dbch\af58\loch\f0 license which will defeat the cost effective advantage of IMs.}{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40  
\par 
\par }{\rtlch\fcs1 \ai\af42 \ltrch\fcs0 \i\loch\af42\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f42 Man-in-}{\rtlch\fcs1 \ai\af42 \ltrch\fcs0 \i\loch\af42\hich\af42\dbch\af40\insrsid15677670 \hich\af42\dbch\af40\loch\f42 the-}{\rtlch\fcs1 
\ai\af42 \ltrch\fcs0 \i\loch\af42\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f42 middle attack}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40  }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 is }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid15677670\charrsid15677670 \hich\af0\dbch\af58\loch\f0 a
\hich\af0\dbch\af58\loch\f0 n}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0  attack that exposes}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid336913 \hich\af0\dbch\af58\loch\f0  the}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 
 improper key exchange scheme of a}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid336913 \hich\af0\dbch\af58\loch\f0  secure}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0  IM system.}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid336913 \hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 For instance, the Diffie-Hellman(D}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid1406478 
\hich\af0\dbch\af58\loch\f0 -}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 
H) [4] key agreement protocol, which is used by lots of secure IM products, is vulnerable to this attack.}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid336913 \hich\af0\dbch\af58\loch\f0  D\hich\af0\dbch\af58\loch\f0 -H 
\hich\af0\dbch\af58\loch\f0 is a cryptographic key agreement protocol\hich\af0\dbch\af58\loch\f0 , which allows t\hich\af0\dbch\af58\loch\f0 w\hich\af0\dbch\af58\loch\f0 o parties t\hich\af0\dbch\af58\loch\f0 o \hich\af0\dbch\af58\loch\f0 
establish a shared secret in an }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312 \hich\af0\dbch\af58\loch\f0 insecure}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid336913 
\hich\af0\dbch\af58\loch\f0  \hich\af0\dbch\af58\loch\f0 public communication channel.}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312 \hich\af0\dbch\af58\loch\f0 The shared secret then can be used as \hich\af0\dbch\af58\loch\f0 a \hich\af0\dbch\af58\loch\f0 symmetric encryption key \hich\af0\dbch\af58\loch\f0 t
\hich\af0\dbch\af58\loch\f0 o secure\hich\af0\dbch\af58\loch\f0  the \hich\af0\dbch\af58\loch\f0 sub\hich\af0\dbch\af58\loch\f0 sequent\hich\af0\dbch\af58\loch\f0  conversations.\hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 In }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312 \hich\af0\dbch\af58\loch\f0 a}{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid336913 \hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 D}{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid1406478 \hich\af0\dbch\af58\loch\f0 -}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312 \hich\af0\dbch\af58\loch\f0 H}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312\charrsid13961312 \hich\af0\dbch\af58\loch\f0 key negotiation}
{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 , initially, each of the two communicat\hich\af0\dbch\af58\loch\f0 
ion parties will generate a pair of keys, one private and}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312 \hich\af0\dbch\af58\loch\f0  one public, resp\hich\af0\dbch\af58\loch\f0 ectively. 
\hich\af0\dbch\af58\loch\f0 This pair of}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312\charrsid15677670 \hich\af0\dbch\af58\loch\f0  keys has}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0  the property that, any message encrypted by one user}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312 
\loch\af0\dbch\af58\hich\f0 \rquote }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 s public key can only be deciphered by his / her private key}{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266 \hich\af0\dbch\af58\loch\f0 . \hich\af0\dbch\af58\loch\f0 In cryptography, \hich\af0\dbch\af58\loch\f0 t}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312 \hich\af0\dbch\af58\loch\f0 his is }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266 \hich\af0\dbch\af58\loch\f0 called Diffie-He\hich\af0\dbch\af58\loch\f0 
llman \hich\af0\dbch\af58\loch\f0 Problem (\hich\af0\dbch\af58\loch\f0 DHP). \hich\af0\dbch\af58\loch\f0 By now, the most }{\rtlch\fcs1 \af0 \ltrch\fcs0 \insrsid11499266 \hich\af0\dbch\af13\loch\f0 efficient }{\rtlch\fcs1 \af0 \ltrch\fcs0 
\insrsid11499266 \hich\af0\dbch\af13\loch\f0 ways known to break\hich\af0\dbch\af13\loch\f0  the\hich\af0\dbch\af13\loch\f0  D-H \hich\af0\dbch\af13\loch\f0 protocol \hich\af0\dbch\af13\loch\f0 is to solve the underlined \hich\af0\dbch\af13\loch\f0 
mathematic\hich\af0\dbch\af13\loch\f0  equation-\hich\af0\dbch\af13\loch\f0 discrete \hich\af0\dbch\af13\loch\f0 logarithm\hich\af0\dbch\af13\loch\f0  problem\hich\af0\dbch\af13\loch\f0 -}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid13961312 \hich\af0\dbch\af58\loch\f0 which is }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266 \hich\af0\dbch\af58\loch\f0 to\hich\af0\dbch\af58\loch\f0  find
\hich\af0\dbch\af58\loch\f0  x given g\-}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\super\dbch\af58\langfenp255\insrsid11499266\charrsid11499266 \hich\af0\dbch\af58\loch\f0 x}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 .}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266 \hich\af0\dbch\af58\loch\f0  H\hich\af0\dbch\af58\loch\f0 owe
\hich\af0\dbch\af58\loch\f0 ver, this task is \hich\af0\dbch\af58\loch\f0 extremely\hich\af0\dbch\af58\loch\f0  intensive\hich\af0\dbch\af58\loch\f0  computation power\hich\af0\dbch\af58\loch\f0 .\hich\af0\dbch\af58\loch\f0  A\hich\af0\dbch\af58\loch\f0 
nd there is no easy solution has been found.\hich\af0\dbch\af58\loch\f0  }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 Therefore, two users could establish a pr
\hich\af0\dbch\af58\loch\f0 ivate tunnel by simply exchanging their public keys and encrypt the subsequent messages by using each other}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 
\loch\af0\hich\af0\dbch\f58 \'92}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 
s public key. In the perfect world, all messages are only readable to the one who has the right decryption key, which should be the one he / she int\hich\af0\dbch\af58\loch\f0 
ends to talk with. But lack of an authentication mechanism, the man-in-the-middle attack could happen in }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid6097161 \hich\af0\dbch\af58\loch\f0 D-H}{\rtlch\fcs1 \af58 
\ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0  protocol. For instance, let suppose that Alice and Bob want to communicate privately and they have generated their key pair. 
{\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname place}}Alice{\*\xmlclose}{\*\xmlclose} starts the }{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid6097161 \hich\af0\dbch\af58\loch\f0 D-H}{\rtlch\fcs1 
\af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0  key\hich\af0\dbch\af58\loch\f0 
 exchange process by sending her public key to Bob. But unfortunately, in case of an eavesdropper, Carol, intercepts {\*\xmlopen\xmlns2{\factoidname City}}Alice}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 {\*\xmlclose}\loch\af0\hich\af0\dbch\f58 \'92}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 
s public key message and replaces it with her own public key but using {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 {\*\xmlclose}{\*\xmlclose}\loch\af0\hich\af0\dbch\f58 \'92}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 
\hich\af0\dbch\af58\loch\f0 s identity. Upon receiving this message, Bob realizes th\hich\af0\dbch\af58\loch\f0 at {\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}
 wants to talk securely, however he cannot verify the identity and simply assumes that it is {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}. To finish the }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid6097161 \hich\af0\dbch\af58\loch\f0 D-H}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 
 key exchange stage, Bob replies with his public key, but Carol captures it also. Carol keeps this information and again sends her o\hich\af0\dbch\af58\loch\f0 wn key to {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice
{\*\xmlclose}{\*\xmlclose}. Eventually, Alice and Bob both have Carol}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \loch\af0\hich\af0\dbch\f58 \'92}{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 s public key and Carol has both theirs. As well as it has a fact that {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice
{\*\xmlclose}{\*\xmlclose} and Bob think they are talking to each other securely without the middleman, Carol. Carol could even go one step further \hich\af0\dbch\af58\loch\f0 
by modifying the messages and then re-encrypt with the appropriate key before delivering to the other party. As we emphasized, the lack of authentication scheme, which should be employed in the }{\rtlch\fcs1 \af58 \ltrch\fcs0 
\lang1033\langfe255\dbch\af58\langfenp255\insrsid6097161 \hich\af0\dbch\af58\loch\f0 D-H}{\rtlch\fcs1 \af58 \ltrch\fcs0 \lang1033\langfe255\dbch\af58\langfenp255\insrsid11499266\charrsid15677670 \hich\af0\dbch\af58\loch\f0 
 key agreement, allows aforementioned vulnerability. With mi\hich\af0\dbch\af58\loch\f0 nimal effort, this issue can be overcome by simply adding fingerprints (or digital signatures) to each message.
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 
\par \hich\af42\dbch\af40\loch\f40 The above-mentioned security breaches in the IM environment are usually addressed by making use of encryption and authentication algorithms. Ne\hich\af42\dbch\af40\loch\f40 
vertheless, utilizing only confidentiality and identification/authentication schemes are not good enough to provide an off-the-record (OTR) conversation environment, in which the deniability property is also satisfied. In 2004}{\rtlch\fcs1 \af40 
\ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 \loch\af40\hich\af42\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40 s Workshop on Privacy in the 
\hich\af42\dbch\af40\loch\f40 
Electronic Society (WPES), Borisov, N., et. al. proposed and implemented the OTR protocol [5]. In a later version of the OTR protocol, a few security flaws pointed out by Raimondo, et al [6] are fixed. OTR has two distinguishable security properties: perf
\hich\af42\dbch\af40\loch\f40 e\hich\af42\dbch\af40\loch\f40 ct forward secrecy and deniability. These features will be discussed in Section 2.
\par 
\par \hich\af42\dbch\af40\loch\f40 The OTR protocol provides a perfect secure and off-the-record conversation environment for two-party.}{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f4  }{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 In spite of this, OTR has missed a key feature, which supports chat ro\hich\af4\dbch\af40\loch\f40 
oms. Chat rooms, where several people can meet and talk virtually, are }{\rtlch\fcs1 \af40 \ltrch\fcs0 \cf1\loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 valueless }{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 
not only for personal user, but also for business life. Lots of corporations and organizations are seeking an effective communication system and tend to move forward from conventional teleconference to the cheaper, more efficient online meeting environmen
\hich\af4\dbch\af40\loch\f40 t\hich\af4\dbch\af40\loch\f40 
s, IM systems. For these companies, governments, and institutions, the protection of privacy is extremely critical. Therefore, our intention is to suit this need by utilizing the original two-party OTR protocol to create a guarded and riskless multi-user 
\hich\af4\dbch\af40\loch\f40 I\hich\af4\dbch\af40\loch\f40 M ambiance.
\par 
\par \hich\af4\dbch\af40\loch\f40 
Because of the high differential between a two-part conversation and a multi-user message exchange system, we are facing amount of unique problems in designing the security scheme. The growing size of chatting members apparently accumulates the complexity
\hich\af4\dbch\af40\loch\f40  \hich\af4\dbch\af40\loch\f40 
of the key exchanging mechanism, which would require more time and CPU power for both key distribution and encryption/decryption processes. Likewise, the synchronization of the shared keys is a further hurdle. Similar to the clock problem in distributed o
\hich\af4\dbch\af40\loch\f40 p\hich\af4\dbch\af40\loch\f40 
erating system (i.e. a universal clock system is unobtainable), it is hardly possible to generate and maintain an all-inclusive key among various users. We will go deep into these problems in Section 4, when we are presenting our application design in det
\hich\af4\dbch\af40\loch\f40 a\hich\af4\dbch\af40\loch\f40 il.
\par 
\par \hich\af4\dbch\af40\loch\f40 
This thesis is composed of four sections and the remaining sections are organized as follows: Section 2 presents a introduction of current popular mechanisms used for secure Instant Messaging; Section 3 discusses the main concepts behind the OTR proje
\hich\af4\dbch\af40\loch\f40 
ct and signifies the need for chat room support, a feature missing in the OTR protocol; Section 4 presents our implementation of secure group conversation based on the OTR protocol. Conclusion and future work are given in Section 5 and 6.
\par 
\par 
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs36 \ltrch\fcs0 \b\fs36\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 2 Related Works
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
Security in distributed applications is usually supported by five typical security services, which are defined by the International Organization for Standardization (ISO) as: access control/authorization, identification/authentication, confidentiality, in
\hich\af41\dbch\af40\loch\f40 
tegrity, and non-repudiation [7]. However, for an IM system, some security features need to be reconsidered, particularly, the non-repudiation. In order to enable IM users to talk off-the-record, deniability (repudiation) is needed instead of non-repudiat
\hich\af41\dbch\af40\loch\f40 i\hich\af41\dbch\af40\loch\f40 on. In other words, a user should have the ability to deny what he or she said in an off-the-record meeting. 
\par 
\par \hich\af41\dbch\af40\loch\f40 There are several open source projects and some commercial software has addressed or plan to take up the security weaknesses that exist in the cu\hich\af41\dbch\af40\loch\f40 
rrent IM systems. Security in these applications is, in general, supported by adding encryption and authentication schemes.
\par 
\par \hich\af41\dbch\af40\loch\f40 A few of such secure IM clients using today will be surveyed, and our focus is the ones that have encryption and/or authentication \hich\af41\dbch\af40\loch\f40 
support. A complete survey of all the clients is beyond the scope of this report.
\par 
\par \hich\af41\dbch\af40\loch\f40 SimPro is commercial software developed by Secway, a European company, providing privacy protection in IM systems. It includes the following key features:
\par }\pard \ltrpar\ql \li0\ri0\sb280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Encryption of mess\hich\af41\dbch\af40\loch\f40 ages 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Key infrastructure support for user authentication 
\par \hich\af41\dbch\af40\loch\f40 Encrypted file transfers for MSN and ICQ/AIM 
\par }\pard \ltrpar\ql \li0\ri0\sa280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Secured recording of conversations 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
Moreover, in SimPro, encryption algorithm and authentication key agreement can be customized by the users. The follo\hich\af41\dbch\af40\loch\f40 
wing symmetrical algorithms: AES (128 bits), 3DES (Triple DES, 128 bits), CAST (128 bits), Twofish (128 bits) and Serpent (128 bits), are provided for encrypting messages; and the asymmetrical algorithms such as, RSA (2048 or 4096 bits), Diffie-Hellman, E
\hich\af41\dbch\af40\loch\f40 l\hich\af41\dbch\af40\loch\f40 
Gamal/DSA, and Elliptic curves, are used for authentication and key agreement. In addition, the same company developed a lightweight IM security gateway for UNIX systems, named SimpServer. In the SimpServer system, all IM message packages are automaticall
\hich\af41\dbch\af40\loch\f40 y\hich\af41\dbch\af40\loch\f40  encrypted before transmitting. And it also provides a degree of message integrity check and identification verification. [8]
\par 
\par \hich\af41\dbch\af40\loch\f40 Pidgin-Encryption (formerly to be Gaim-Encryption) [10] is a plug-in made for Pidgin and it uses NSS (Network Security Services) \hich\af41\dbch\af40\loch\f40 
to provide transparent RSA encryption. It can automatically generate the public/private key pairs upon loading the plug-in and exchange the public keys during the initiation of conversations. Although Gaim-Encryption does not provide free choice of encryp
\hich\af41\dbch\af40\loch\f40 t\hich\af41\dbch\af40\loch\f40 
ion algorithms, it provides a fully documented Application Programming Interface (API) kit, which can be used as a wrapper and to extend Pidgin-Encryption to support more encryption algorithms. Obviously, without properly authenticating the participants, 
\hich\af41\dbch\af40\loch\f40 i\hich\af41\dbch\af40\loch\f40 t suffers from man-in-the-middle attacks.
\par 
\par \hich\af41\dbch\af40\loch\f40 
Gaim-e is another encryption plug-in for Gaim (i.e. Gaim has been renamed to Pidgin for some copyright issue.). It uses GNUPG (GPG) to securely transfer the session keys encrypted with RC5, a block cipher notable for its simplicity [11]. The Gaim-e plug-i
\hich\af41\dbch\af40\loch\f40 n\hich\af41\dbch\af40\loch\f40 
 currently works with AOL, MSN, and Yahoo IM systems (at the time of this writing, other protocols have not been tested) [12]. However, it has not been updated since its latest 2005 v2.7 release; therefore, it could not be used in the newest version of Pi
\hich\af41\dbch\af40\loch\f40 d\hich\af41\dbch\af40\loch\f40 gin.
\par 
\par \hich\af41\dbch\af40\loch\f40 
Trillian is IM client software with multi-protocol support (like Pidgin) [13]. In terms of privacy protection, it claimed to support secure IM communications on AIM and ICQ protocols.  Like most the others, authentication and encryption are sustained
\hich\af41\dbch\af40\loch\f40 . It uses the combination of }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid6097161 \hich\af41\dbch\af40\loch\f40 D-H}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40  asymmetrical key-exchange agreement with symmetrical 128 bits Blowfish cipher algorithm to secure the messages and assure the identification of identities. 
\par 
\par \hich\af41\dbch\af40\loch\f40 As the literature survey shows, most of the available products to \hich\af41\dbch\af40\loch\f40 
secure IM system only addressed part of the security services defined by the ISO. Often, message integrity, perfect forward secrecy, and deniability are not included. The next product we will survey examines these widely omitted concerns within the IM dom
\hich\af41\dbch\af40\loch\f40 a\hich\af41\dbch\af40\loch\f40 in.
\par 
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs36 \ltrch\fcs0 \b\fs36\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 3\~
Off-the-Record (OTR) Instant Messaging System
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
Borisov, N., et. al. proposed a comprehensive security solution, the OTR protocol [5], in order to overcome the weakness of  current IM systems. In practical, they implemented a plug-in for GAIM, and a l\hich\af41\dbch\af40\loch\f40 
ocal proxy which can be more widely used by other IM clients. The frame of the OTR protocol is based on the famous Deffie-Hellman key exchange agreement, but it has been improved to support much more security services. We will exam all these features late
\hich\af41\dbch\af40\loch\f40 r\hich\af41\dbch\af40\loch\f40 
 in this chapter. It is built upon a two-party key exchange protocol, wherefrom, all the OTR derived applications are limited to peer-to-peer conversations. OTR protocol related literature survey is given below for a better understanding of our Group OTR 
\hich\af41\dbch\af40\loch\f40 a\hich\af41\dbch\af40\loch\f40 pproach.}{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par 
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 3.1\~Basic concepts behind the OTR
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 The OTR protocol contains four basic cryptographic primitives: }{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \u8232\'3f}{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Perfect forward secrecy}
{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f4 [14] }{\rtlch\fcs1 \af40 
\ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 Confidentiality (i.e. only the two communicating parties, Alice and Bob, should be able to read the conversation messag\hich\af4\dbch\af40\loch\f40 
es), is introduced by using short-lived encryption/decryption key(s). The basic idea is that the two parities, Alice and Bob, should forget used keys after they process the old messages . It is computationally infeasible to generate the previously used ke
\hich\af4\dbch\af40\loch\f40 y\hich\af4\dbch\af40\loch\f40 
s from the current key and the long-term keys. The OTR mechanism guarantees that even if an eavesdropper has the current key and can compute the shared secret being used at the moment, the compromised current key does not allow decrypting and reading prev
\hich\af4\dbch\af40\loch\f40 i\hich\af4\dbch\af40\loch\f40 
ous messages. OTR improves the well known Diffie-Hellman key agreement protocol [15] to provide perfect forward secrecy. Each key is used to secure one message only and a new key is generated for transmitting the next message securely.
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Digital signatures a\hich\af41\dbch\af40\loch\f41 nd non-repudiation}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \endash }{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
 Digital signatures are used to make up for the lack of authentication in the Diffie-Hellman key agreement protocol. It is a popular approach in authentication protocols to use digital signatures that act as long-lived keys. These long-
\hich\af41\dbch\af40\loch\f40 
lived keys are solely for authentication purposes and are not used to encrypt IM messages in the OTR protocol. On the other hand, the signature along with the message leads to another problem. It enforces the non-repudiation property that the signatures c
\hich\af41\dbch\af40\loch\f40 a\hich\af41\dbch\af40\loch\f40 
n be verified by a third party without the cooperation of the owners, and this property conflicts the deniability service required by an OTR IM session. The solution is to use a Message Authentication Code (MAC) to authenticate the messages instead of the
\hich\af41\dbch\af40\loch\f40  \hich\af41\dbch\af40\loch\f40 user}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
s digital signature. In other words, the digital signatures authenticate the keys instead of the messages and authentication of keys provides the identification service, because only the person who has the right key can read the cipher texts. In the i
\hich\af41\dbch\af40\loch\f40 mplementation, the previous key is used to authenticate the new key at every key refreshing stage.
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Message Authentication Code (MAC) and deniability}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40  - Deniability is the ability to deny the content of conversations and it is addressed in the OTR protocol b\hich\af41\dbch\af40\loch\f40 
y using MACs. The way to generate each MAC is to use a one-way cryptographic hash function with a secret MAC key shared by conversation members. Alice uses her copy of the MAC key to compute a MAC of her message, and sends this MAC along with her message 
\hich\af41\dbch\af40\loch\f40 o\hich\af41\dbch\af40\loch\f40 
ver a secure transmission channel; Bob verifies the integrity and authenticity of the message by computing the MAC for the received message using his copy of the shared MAC key and comparing with the MAC sent by Alice [5]. Deniability is provided by using
\hich\af41\dbch\af40\loch\f40  \hich\af41\dbch\af40\loch\f40 these MACs for IM: Carol, a third party, cannot prove that the message was sent by {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}
, since she does not know the MAC key shared between Alice and Bob. Even Bob cannot make a proof to the public that the message is really came from {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}
. Both of them\hich\af41\dbch\af40\loch\f40  \hich\af41\dbch\af40\loch\f40 know the same MAC key, and so the message could have been forged by Bob.
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Malleable encryption and forgeability}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40  - Forgeability is a stronger property than repudiation provided by the OTR. Once a key expires, the associated MAC keys for message authenticatio\hich\af41\dbch\af40\loch\f40 
n are revealed. The reason for revealing old MAC keys is to allow forgeability of messages whose encryption keys have expired. This feature enhances the ability of {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice
{\*\xmlclose}{\*\xmlclose} to deny that the messages were sent by her, because anyone could calculate a MAC base\hich\af41\dbch\af40\loch\f40 d\hich\af41\dbch\af40\loch\f40  on a modified message (even though it}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
s encrypted) and validate it with one of the revealed MAC keys. OTR protocol uses a malleable encryption scheme (i.e. any change made to a cipher text will cause a meaningful change in the right position of the plaint\hich\af41\dbch\af40\loch\f40 
ext). Revealing of MAC keys together with a malleable encryption scheme, give a third party the ability to forge the messages sent by {\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose} and hence give {\*\xmlopen\xmlns2{\factoidname City}}
{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} the ability to deny sending those messages. Moreover, anyone who recovers the MAC key in the f\hich\af41\dbch\af40\loch\f40 u\hich\af41\dbch\af40\loch\f40 
ture is unable to verify the authenticity of the messages sent in the past, which means if somebody reads the messages it is not possible to track the messages' origin.
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 3.2\~Security Weakness in OTR
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Mario Di Raimondo, et al. [6] pointed out three major secu
\hich\af41\dbch\af40\loch\f40 rity flaws or vulnerabilities in the OTR protocol:
\par \hich\af41\dbch\af40\loch\f40 1) An authentication failure
\par \hich\af41\dbch\af40\loch\f40 2) A key refreshment flaw
\par \hich\af41\dbch\af40\loch\f40 3) The unreliable support of the deniability
\par 
\par \hich\af41\dbch\af40\loch\f40 First of all, OTR inherits a possible }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 identity misbinding}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  attack originally discovered by Diffie et al\hich\af41\dbch\af40\loch\f40 . [3] in their }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid6097161 
\hich\af41\dbch\af40\loch\f40 D-H}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
 protocol.  For example, similar to the man-in-the-middle attack, suppose that Eve stands between two end-users, Alice and Bob. If she attacks properly, Eve could manage to make {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}
Alice{\*\xmlclose}{\*\xmlclose} think she is talking to Bob but actually she is speakin\hich\af41\dbch\af40\loch\f40 
g to Eve. For a real life example, Eve can use this authentication flaw to mislead a customer, Alice, and a bank, Bob. In details, starting with the first message for the secure chat session, a signed public key (g}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\sub\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 x}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 , Sign}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\sub\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Alice }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 (gx)) is sent from {\*\xmlopen\xmlns2{\factoidname City}}
{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} to B\hich\af41\dbch\af40\loch\f40 ob. It is intercepted by Eve and relayed to Bob, but this time, signed with Eve}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
s own digital signature (i.e. Eve changes the signature part of {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 {\*\xmlclose}{\*\xmlclose}
\loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 s key message,  which results a new key package (g}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\sub\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 x}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 , Sign}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\sub\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Eve }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 (gx))). When Bob receives the signed (by Eve)
\hich\af41\dbch\af40\loch\f40  key, he thinks that he is talking to Eve, and sends a response with the signed key under his name. Eve relays this message back to {\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose} and gets 
{\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 {\*\xmlclose}{\*\xmlclose}\loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 
\ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 s confirmation, that the key is legal and the identity has been verified. After all, {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice
{\*\xmlclose}{\*\xmlclose} thinks Bob i\hich\af41\dbch\af40\loch\f40 
s on the other side, but actually she is talking to Eve; meanwhile Bob believes that he is having a conversation merely with Eve. One simple solution is to include identity information in the digital signature, but it will surely dismiss the deniability p
\hich\af41\dbch\af40\loch\f40 r\hich\af41\dbch\af40\loch\f40 operty.
\par 
\par \hich\af41\dbch\af40\loch\f40 
Additionally, the revealing of an ephemeral private key could cause an impersonation attack. An attacker could use this piece of information to produce a valid session key as long as the long-term keys are not re-invoked. Having this flaw defeats 
\hich\af41\dbch\af40\loch\f40 
the goal of a well-designed key protocol, where the only way for an attacker to impersonate into the conversation is the disclosure of the long-lived private key rather than a piece of information used in the session. It will be helpful to do full key ref
\hich\af41\dbch\af40\loch\f40 r\hich\af41\dbch\af40\loch\f40 
eshment periodically, which ensures that the revealing of an ephemeral private key of one conversation session will not affect the next fully refreshed one. Furthermore, the improper mechanism of revealing MAC keys weakens the secrecy of encryption keys. 
\hich\af41\dbch\af40\loch\f40 S\hich\af41\dbch\af40\loch\f40 ince the MAC keys are generated as a one-way hash over the encryption key, the attacker can easily use this knowledge to mount a }{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 dictionary attack}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
, although it is probably computationally too expensive. And, the choice of using stream cipher may also cau\hich\af41\dbch\af40\loch\f40 se troubles, especially, when one is trying to manage the encryption counters to avoid re-use of counter values.

\par 
\par \hich\af41\dbch\af40\loch\f40 Consequently, }{\rtlch\fcs1 \af4 \ltrch\fcs0 \loch\af4\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f4 Mario Di Raimondo, et al.}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 
\hich\af4\dbch\af40\loch\f40  suggested three alternate Authentication Key Exchange (AKE)  algorithms, SIGMA, SKEME [16] (i.e. which\hich\af4\dbch\af40\loch\f40  is an early voice of a protocol designed to provide deniability to IPsec}{\rtlch\fcs1 \af40 
\ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \loch\af40\hich\af4\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 
s IKE protocol.) and HMQV, and discussed both the advantage and disadvantage of using these three protocols.
\par 
\par \hich\af4\dbch\af40\loch\f40 This discussion leads the OTR developers reconsider their design, which resulted in a second version of the OTR protocol [17], where:
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\sb280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 
They fixed the identity-binding flaw (the impersonate attack vulnerability) simply by adding an additional identification message at the beginning of the conversation session. 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 
No longer revealing the users' public keys to passive eavesdroppers and this he\hich\af4\dbch\af40\loch\f40 lps in privacy-preserving for the internal application's OTR messages. 
\par }\pard \ltrpar\ql \li0\ri0\sa280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 
And, additionally, made a support of fragmentation OTR messages, since a lot of Instant Messaging protocols have limitation on each message's size. 
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 3.3\~Lack of Chat Room Support
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Chat \hich\af41\dbch\af40\loch\f40 
room systems are often utilized to increase business efficiency. Many small businesses use chat room (and/or IM) systems for business meetings, some even for customer service, etc. Utilizing such technologies cuts down the operation costs and enables empl
\hich\af41\dbch\af40\loch\f40 o\hich\af41\dbch\af40\loch\f40 yees to multi-task when necessary. Also, many Open-Source Software (OSS) project groups use IMs and chat rooms to conduct developer meeting. Most {\*\xmlopen\xmlns2{\factoidname City}}
{\*\xmlopen\xmlns2{\factoidname City}}OSS{\*\xmlclose}{\*\xmlclose} developers are volunteers around the world and most of such projects rely on donations and so there is vi\hich\af41\dbch\af40\loch\f40 r\hich\af41\dbch\af40\loch\f40 
tually no funded physical meeting opportunity. Despite all the advantages they have, there is no privacy protection built-in most contemporary chat room systems. It would be a great benefit to extend the OTR protocol to support a secure chat room facility
\hich\af41\dbch\af40\loch\f40 .
\par 
\par \hich\af41\dbch\af40\loch\f40 
Some IM systems have chat room support built into them. For example, MSN and Yahoo IM protocols support the chat room concept and once a user invites another user to an ad-hoc chat room, they can invite other parties to have a meeting in that established
\hich\af41\dbch\af40\loch\f40 
 chat room. Considering security related issues (associated with both IM systems and chat rooms) mentioned previously, it would be beneficial to extend the OTR protocol to support a secure chat room facility. A secure chat room that utilizes the existing 
\hich\af41\dbch\af40\loch\f40 I\hich\af41\dbch\af40\loch\f40 
M infrastructure would bear virtually no cost on the participants. An IM-based secure chat room will also avoid the need for a VPN or dedicating a local server and the challenges that come with having such systems and their management. Hence, we extend th
\hich\af41\dbch\af40\loch\f40 e\hich\af41\dbch\af40\loch\f40 
 OTR protocol with a scheme to support multiparty conversations and implemented a Pidgin plug-in. The current implementation only supports secure chat room over the MSN IM protocol, but we plan to support more popular IM systems in the near future.
\par 
\par }{\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 3.4 MS\hich\af41\dbch\af40\loch\f41 N protocol
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
The MSN Messenger [1], developed by Microsoft, was released in July, 1999. It became popular with the wide use of the Windows operating system. The end users}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  MSN applications are called an }{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 MSN Client}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 ; it connects to the }{\rtlch\fcs1 \af40 
\ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 MSN Server}{\rtlch\fcs1 \af40 
\ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  hosted by
\hich\af41\dbch\af40\loch\f40  Microsoft to acquire information about the user}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
s personal profile, buddy list and so on. Whenever a user modifies his/her profile, the client sends this information to the server and the server notifies other users in your buddy list.
\par 
\par \hich\af41\dbch\af40\loch\f40 The MSN protocol h\hich\af41\dbch\af40\loch\f40 as built in support for chat rooms. There are no major differences between a two-party conversation session (referred to as }{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 SwitchBoard}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
) and a chat room session other than the number of users in the session. If a user wants to invite another to the chat \hich\af41\dbch\af40\loch\f40 
room, s/he will send an invite command and the invited user will receive an RNG command containing the session id, buddy list of the chat room, etc. Notice that, all messages exchanged in the chat room session are broadcast to every user along with sender
}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
s account name, the message body and the timestamp.
\par 
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs36 \ltrch\fcs0 \b\fs36\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 4 Methodologies and Implementation
\par }{\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 4.1\~Initial Design}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
The main concept of our implementation is to create a virtual server. The term }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 virtual}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  is used in the context of acting where merely a normal membe\hich\af41\dbch\af40\loch\f40 
r playing the server role in the chat room. The server, which could be any one of the members in the same conversation session, will perform key exchanges with every other participant the same way as if s/he would for a regular peer-to-peer OTR conversati
\hich\af41\dbch\af40\loch\f40 o\hich\af41\dbch\af40\loch\f40 
n. Therefore, the virtual server is sharing a secret with other chat room members. In another words, every one other than the virtual server itself will establish a private channel, each having its own shared secret with the host. The server is responsibl
\hich\af41\dbch\af40\loch\f40 e\hich\af41\dbch\af40\loch\f40 
 for relaying and routing all the IM messages. This implies that the virtual server needs to process and deliver all the messages from any one member to every one else in the same chat room session, as shown in Figure 1. The idea is simple. It is similar 
\hich\af41\dbch\af40\loch\f40 t\hich\af41\dbch\af40\loch\f40 
o the scenario that happens in the WLAN network for DHCP system. When a computer joins an anonymous wireless network, it needs to make an IP address reservation first. The client computer will broadcast its request and the server will response with a spec
\hich\af41\dbch\af40\loch\f40 i\hich\af41\dbch\af40\loch\f40 
fic empty IP address slot. And therefore, they made a connection.  However, the major differential in our GOTR protocol is, the server broadcasts its request (i.e. request for a key exchanging) meanwhile informs every member that who is the virtual server
\hich\af41\dbch\af40\loch\f40 .\hich\af41\dbch\af40\loch\f40  .
\par 
\par \hich\af41\dbch\af40\loch\f40 For example, in a GOTR chat room, we have three joiners: Alice, Bob and Carol, and we suppose {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}
 to be the virtual server. Later on, after all the key-exchange processes conclude, we should have:
\par }\pard \ltrpar\ql \li0\ri0\sb280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Bob and Alice have a shared secret SS}{\rtlch\fcs1 \af40 
\ltrch\fcs0 \sub\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Alice}{\rtlch\fcs1 \af3 \ltrch\fcs0 \sub\loch\af3\hich\af3\dbch\af40\insrsid11499266 \loch\af3\dbch\af40\hich\f3 \'2d}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\sub\loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 Bob}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 . 
\par }\pard \ltrpar\ql \li0\ri0\sa280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 Caro\hich\af3\dbch\af40\loch\f40 
l and Alice have a shared secret SS}{\rtlch\fcs1 \af40 \ltrch\fcs0 \sub\loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 Alice}{\rtlch\fcs1 \af3 \ltrch\fcs0 \sub\loch\af3\hich\af3\dbch\af40\insrsid11499266 
\loch\af3\dbch\af40\hich\f3 \'2d}{\rtlch\fcs1 \af40 \ltrch\fcs0 \sub\loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 Carol}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 
. 
\par }\pard \ltrpar\qc \li360\ri0\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin360\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af3\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af3\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\qc \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 Figure 1: Schema 2: Make a virtual server in the middle
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 There comes to a
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Problem:}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  }{\rtlch\fcs1 \ai\af42 
\ltrch\fcs0 \i\loch\af42\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f42 How could Bob communicate with Carol?}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40  }{\rtlch\fcs1 
\af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 \loch\af40\hich\af42\dbch\f40 \u8232\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40 
Bob cannot send his GOTR encrypted messages directly to Carol since the two do not have a common secret, and even if he could, Carol would not be able to decrypt his messages and read them. It is true that they could start their own OTR session and talk t
\hich\af42\dbch\af40\loch\f40 o\hich\af42\dbch\af40\loch\f40  one another without {\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose} knowing ({\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}
 would not be able to see their messages).
\par \hich\af42\dbch\af40\loch\f40 But either way will defeat the purpose of a chat room. (i.e. every one in the same chat room should have the same screen of conversations.) However, both Bob and Carol, eac\hich\af42\dbch\af40\loch\f40 
h have a shared secret with the Virtual Server, Alice. Therefore Bob can send the OTR messages to {\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose} first and then {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice
{\*\xmlclose}{\*\xmlclose} decrypts Bob}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 \loch\af40\hich\af42\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 
\hich\af42\dbch\af40\loch\f40 s messages by using SS}{\rtlch\fcs1 \af40 \ltrch\fcs0 \sub\loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40 Alice}{\rtlch\fcs1 \af40 \ltrch\fcs0 \sub\loch\af40\hich\af42\dbch\af40\insrsid11499266 
\loch\af40\hich\af42\dbch\f40 \u8722\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 \sub\loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40 Bob}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af42\dbch\af40\insrsid11499266 
\hich\af42\dbch\af40\loch\f40 , re-encrypts them with SS}{\rtlch\fcs1 \af40 \ltrch\fcs0 \sub\loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40 Alice}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\sub\loch\af40\hich\af42\dbch\af40\insrsid11499266 \loch\af40\hich\af42\dbch\f40 \u8722\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 \sub\loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40 Carol }{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af42\dbch\af40\insrsid11499266 \hich\af42\dbch\af40\loch\f40 and gets done with sending them to Carol.  Now Ca\hich\af42\dbch\af40\loch\f40 
rol has no problem to decipher the messages. All of our GOTR implementation is based on this simple idea.}{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par 
\par }{\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 4.2\~Detail Design
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 
\par \hich\af41\dbch\af40\loch\f41 Design Problem 1:}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\loch\af40\hich\af41\dbch\f40 \u8232\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
The MSN IM protocol specifies that the messages sent out in a chat room are broadcast to every user in that IM \hich\af41\dbch\af40\loch\f40 
session. Therefore, in proposed design, it is hard to tell the real receiver of the message.  When a message goes through and is relayed by the virtual server, the MSN protocol is not really helpful to tell the end receiver where the message indeed came f
\hich\af41\dbch\af40\loch\f40 r\hich\af41\dbch\af40\loch\f40 
om. It could be a word said by the server itself or any other user in the chat room, since in either case the message has to be passed over by the server. In our virtual server scenario, a user only has the capability to decrypt the instant messages comin
\hich\af41\dbch\af40\loch\f40 g\hich\af41\dbch\af40\loch\f40 
 from the server and all other messages are discarded. Since only the senders explicitly know the messages are encrypted with which shared key and for whom, we need an identifier at the beginning of a message to determine the receiver of the message. Now,
\hich\af41\dbch\af40\loch\f40  \hich\af41\dbch\af40\loch\f40 we would like to show some more examples of our idea. Assume we have an OTR chat room via MSN IM system with three users: Alice, Bob, and Carol. Again, suppose that 
{\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} is the virtual server for this secure chat session. And thereupon, after the key exc\hich\af41\dbch\af40\loch\f40 h\hich\af41\dbch\af40\loch\f40 
ange stage, as we said in the previous example:
\par }\pard \ltrpar\ql \li0\ri0\sb280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Bob and Alice have a shared secret SS}{\rtlch\fcs1 \af40 
\ltrch\fcs0 \sub\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Alice}{\rtlch\fcs1 \af3 \ltrch\fcs0 \sub\loch\af3\hich\af3\dbch\af40\insrsid11499266 \loch\af3\dbch\af40\hich\f3 \'2d}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\sub\loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 Bob}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 . 
\par }\pard \ltrpar\ql \li0\ri0\sa280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 Carol and Alice have a shared secret SS}{\rtlch\fcs1 \af40 
\ltrch\fcs0 \sub\loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 Alice}{\rtlch\fcs1 \af3 \ltrch\fcs0 \sub\loch\af3\hich\af3\dbch\af40\insrsid11499266 \loch\af3\dbch\af40\hich\f3 \'2d}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\sub\loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 Carol}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af3\dbch\af40\insrsid11499266 \hich\af3\dbch\af40\loch\f40 . 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Example 1:}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  }{\rtlch\fcs1 \af40 
\ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \u8232\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
Alice, the virtual server, sends a message (no matter what kind of messages, including OTR s\hich\af41\dbch\af40\loch\f40 ystem messages, which are used for key management) to Bob,which should be encrypted with SSAlice}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \u8722\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Bob and formatted into the following manner:
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}\hich\af4\dbch\af40\loch\f4 Alice{\*\xmlclose}{\*\xmlclose}->Bob:
\par \hich\af4\dbch\af40\loch\f4 ?RECV?Bob@hotmail.com?ENDRECV?
\par \hich\af4\dbch\af40\loch\f4 + <Encrypted Message>
\par }\pard \ltrpar\qc \li0\ri0\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af224\afs20 \ltrch\fcs0 
\fs20\loch\af224\hich\af224\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 
When Carol receives this message, she will check the receiver tag (i.e. prefix of the encrypted messages) first and find out thatthe message is not hers (i.e. in terms of she can not decrypt it and read it) according to the account name in between }{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 RECV}{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40  a
\hich\af224\dbch\af40\loch\f40 nd }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 
\hich\af224\dbch\af40\loch\f40 ?ENDRECV?}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 
\hich\af224\dbch\af40\loch\f40 
 markers, she just discards this message. When Bob receives the same message, and after he checks the tag and finds out that the message does belong to him, he will send this message to the OTR message encryption and decryption routine (using
\hich\af224\dbch\af40\loch\f40  the OTR library) and use the secret shared between him and Alice (SSAlice}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \u8722\'3f}{\rtlch\fcs1 \af40 
\ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 Bob) successfully decode the message.
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Example 2:}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  }{\rtlch\fcs1 \af40 
\ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \u8232\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
Bob says something in the chat room, but Carol could not read it, since the two do not have a common shared key. Hence, Bob has to \hich\af41\dbch\af40\loch\f40 
send his message first to the virtual server, Alice, with the receiver tag [Alice@hotmail.com]. And the message will be something like this:
\par 
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f4 ?RECV?Alice@hotmail.com?ENDRECV?
\par \hich\af4\dbch\af40\loch\f4 + <Encrypted Message from Bob>
\par }\pard \ltrpar\qc \li0\ri0\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af224\afs20 \ltrch\fcs0 
\fs20\loch\af224\hich\af224\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 When {\*\xmlopen\xmlns2{\factoidname City}}
{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} receives the message, she will decrypt\hich\af224\dbch\af40\loch\f40  it with the key she shared with Bob (SSAlice}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \u8722\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 
Bob), write the message to her screen, then encrypt it again with SSAlice}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \u8722\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 Carol and set Carol to be the receiver as:
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par \hich\af4\dbch\af40\loch\f4 ?RECV?Carol@hotmail.com?ENDRECV?
\par \hich\af4\dbch\af40\loch\f4 + <Encrypted Message from {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}>
\par }\pard \ltrpar\qc \li0\ri0\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af224\afs20 \ltrch\fcs0 
\fs20\loch\af224\hich\af224\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 Now, on the Carol}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 s side,\hich\af224\dbch\af40\loch\f40 
 she will receive both messages encrypted with different keys, one from Bob and another one from {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}
. She will simply dismiss the first, since she does not know the right key; but process the second one to the decryption routine and retrieve the decoded\hich\af224\dbch\af40\loch\f40  \hich\af224\dbch\af40\loch\f40 content of the message.
\par \hich\af224\dbch\af40\loch\f40 It seems to be perfect, but there remains another issue:
\par 
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Design Problem 2: }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \u8232\'3f}{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
Since the server is basically a router which is responsible for reformatting and transferring all the messages. It is hardly possible to know the real send\hich\af41\dbch\af40\loch\f40 
er without any additional effort. If the previous example is revisited: When Carol gets the message from Alice, the virtual server, although she could decipher the message, she wouldn}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
t know the real sender. This is because of that the messages do not cont\hich\af41\dbch\af40\loch\f40 ain any source information. Conceivably, Carol will assume the message was started by {\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}
, since it is {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} that Carol received the message from.  However it was originated by Bob. There is no such support mechanisim for message tracking}{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  or }{\rtlch\fcs1 
\af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 transitive
\hich\af41\dbch\af40\loch\f40  authentication}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40 
 in either the MSN protocol or GAIM project. The solution proposed is to add another tag after the receiver tag to indicate the real sender like what we did to classify the receiver. In accordance with the previous example 2, now all the me
\hich\af41\dbch\af40\loch\f40 ssages will appear to be the following format:
\par 
\par \hich\af41\dbch\af40\loch\f40 Part One: Message from Bob to {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par \hich\af4\dbch\af40\loch\f4 Bob->{\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}:
\par \hich\af4\dbch\af40\loch\f4 ?RECV?Alice@hotmail.com?ENDRECV?
\par \hich\af4\dbch\af40\loch\f4 + ?SEND?Bob@hotmail.com?ENDSEND?
\par \hich\af4\dbch\af40\loch\f4 + <Encrypted Message>
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af224\afs20 \ltrch\fcs0 
\fs20\loch\af224\hich\af224\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 Part Two: Retransferred message from {\*\xmlopen\xmlns2{\factoidname 
City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} to Carol
\par \hich\af224\dbch\af40\loch\f40  
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}\hich\af4\dbch\af40\loch\f4 Alice{\*\xmlclose}{\*\xmlclose}->Carol:
\par \hich\af4\dbch\af40\loch\f4 ?RECV?Carol@hotmail.com?ENDRECV?
\par \hich\af4\dbch\af40\loch\f4 + ?SEND?Bob@hotmail.com?ENDSEND?
\par \hich\af4\dbch\af40\loch\f4 + <Encrypted Message>
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 
\par \hich\af4\dbch\af40\loch\f40 Till to this point, the messages include all the necessary tags to identify both the real sender and the receiver.
\par }{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Design Problem 3: }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \u8232\'3f}{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 In the MSN IM protocol, every one\hich\af41\dbch\af40\loch\f40 
 in a chat room has the same privilege, which means there is no special power for one to be the }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 owner}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  of the chat room established via the MSN IM server. Every one in the chat room can invite another buddy without restriction. Such scenario causes the GO
\hich\af41\dbch\af40\loch\f40 
TR protocol a serious problem. For example, assume a new user has been invited to the GOTR session, in order to keep the chat room in protection, the new user should first do a key-exchange with the virtual server and build up the private connection like 
\hich\af41\dbch\af40\loch\f40 e\hich\af41\dbch\af40\loch\f40 very one else. But neither the MSN protocol nor the GAIM implementation supports the ability to tell the }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 owner}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
 of a chat room, which would be our virtual server. Since we would like to offer participants a degree of security via OTR, there is a work arou\hich\af41\dbch\af40\loch\f40 
nd to the aforementioned problem in the following way: Each member of the chat room keeps some additional information and they are recorded in a file named otr.chatinfo located in the .gaim folder, which is used by GAIM to keep configuration files. This f
\hich\af41\dbch\af40\loch\f40 i\hich\af41\dbch\af40\loch\f40 le is designed to have the following format:
\par 
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f4 ?AC?[account name] ?CID?[chat_id]
\par \hich\af4\dbch\af40\loch\f4 ?HOST?[host name] ?STAT?[security level]
\par }\pard \ltrpar\qc \li0\ri0\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af224\afs20 \ltrch\fcs0 
\fs20\loch\af224\hich\af224\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 AC}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 : Indicates the account name of the user who owns the current conversation window. }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\loch\af40\hich\af41\dbch\f40 \u8232\'3f}{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 CID}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40 : }{\rtlch\fcs1 \af224\afs20 \ltrch\fcs0 \fs20\loch\af224\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f224 chat_id}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 
\hich\af224\dbch\af40\loch\f40  is used by GAIM to identify differe\hich\af224\dbch\af40\loch\f40 nt chat rooms. }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \u8232\'3f}{\rtlch\fcs1 
\ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 HOST}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
: The user who has been made the virtual server for the MSN chat session. }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \u8232\'3f}{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 
\b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 STAT}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
: Indicates the security level defined by the OTR library; the security level can be: 
\par }\pard \ltrpar\ql \li0\ri0\sb280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 0 indicates no private conversation. 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 1 indicates private session over. 
\par }\pard \ltrpar\ql \li0\ri0\sa280\nowidctlpar\tx720\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 2 indicates private session. 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 Implementation Assumptions:}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \u8232\'3f}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 It is assumed that, the user who initiates the private conversation would be the virtual server. For example:
\par {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}\hich\af41\dbch\af40\loch\f40 Alice{\*\xmlclose}{\*\xmlclose} starts a private conversation, and therefore, she is the virtual server. So her otr.chatinfo would look like:
\par 
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f4 ?AC?Alice@hotmail.com ?CID?1
\par \hich\af4\dbch\af40\loch\f4 ?HOST?Alice@hotmail.com ?STAT?2
\par }\pard \ltrpar\qc \li0\ri0\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af224\afs20 \ltrch\fcs0 
\fs20\loch\af224\hich\af224\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 
For all other users, when a private conversation is requested by the virtual \hich\af224\dbch\af40\loch\f40 server (e.g. Alice). The invited user will write the following information to his/her otr.chatinfo file:
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par \hich\af4\dbch\af40\loch\f4 ?AC?Bob@hotmail.com ?CID?2
\par \hich\af4\dbch\af40\loch\f4 ?HOST?Alice@hotmail.com ?STAT?0
\par }\pard \ltrpar\qc \li0\ri0\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af224\afs20 \ltrch\fcs0 
\fs20\loch\af224\hich\af224\dbch\af40\insrsid11499266 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 Notice that the conversation}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af224\dbch\af40\insrsid11499266 \loch\af40\hich\af224\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af224\dbch\af40\insrsid11499266 \hich\af224\dbch\af40\loch\f40 
s security status is initiated to be 0 (not private). After t\hich\af224\dbch\af40\loch\f40 hey finish the first key exchange round and establish the private communication channel, the security status will be changed to 2 (private level) accordingly:

\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par \hich\af4\dbch\af40\loch\f4 ?AC?Bob@hotmail.com ?CID?2
\par \hich\af4\dbch\af40\loch\f4 ?HOST?Alice@hotmail.com ?STAT?2
\par 
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 Now, we are confident to say that Al\hich\af4\dbch\af40\loch\f40 ice, Bob and Carol are talking privately under our GOTR system.
\par 
\par }{\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 4.3 Additional integrity check requirement
\par 
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
In a two-party OTR conversation, the integrity of a message is assured by using Message Authentication Code (MAC) generated by a cryptographic hash\hich\af41\dbch\af40\loch\f40 
 function. If a malicious user captures and changes a message during its transmission, it will result an unreadable text after the end-user decrypts it (i.e. the use of the malleable stream cipher does not compromise the integrity property. In the stream 
\hich\af41\dbch\af40\loch\f40 c\hich\af41\dbch\af40\loch\f40 
ipher encryption, you can make any changes in the encrypted message and it will still be valid according to the decryption routine, but this does not ensure that the decrypting process will produce a meaningful and human readable message.) 
\par 
\par \hich\af41\dbch\af40\loch\f40 
However, in GOTR implementation, our design brings up an additional security issue. The adding of a virtual server makes the integrity check a whole different situation in the GOTR protocol. As mentioned before, the virtual server is responsible for relay
\hich\af41\dbch\af40\loch\f40 i\hich\af41\dbch\af40\loch\f40 
ng all the messages and has fully control on all network packages. If there were no extra integrity check in place, which ensures that the virtual server will not change any of the messages, we would merely relay on the honesty of the virtual server. And 
\hich\af41\dbch\af40\loch\f40 a\hich\af41\dbch\af40\loch\f40 
lso, here is always a possibility that the virtual server gets attacked. Hence, if the virtual server turns into a malicious node, it could easily read messages from a user, modify it, and then send it to the other users. 
\par 
\par \hich\af41\dbch\af40\loch\f40 Continuing with our previous GOT\hich\af41\dbch\af40\loch\f40 R example: Alice, Bob and Carol, three users are having a GOTR chat, and {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice
{\*\xmlclose}{\*\xmlclose} is the virtual server.
\par }\pard \ltrpar\qc \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par \hich\af41\dbch\af40\loch\f40 Figure 2: GOTR extended Communication Schema with MD5 integrity check
\par 
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
The solidity and secrecy of the communications between Alice and Bob as well as Al\hich\af41\dbch\af40\loch\f40 
ice and Carol are guarded by the original OTR protocol. But we are not confident that Alice, the virtual server, will never change the content of any message while relaying them from Bob to Carol. {\*\xmlopen\xmlns2{\factoidname City}}
{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} has full control of all messages and she can easily \hich\af41\dbch\af40\loch\f40 c\hich\af41\dbch\af40\loch\f40 hange a word or even the entire message, since she knows both sides}{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
 shared secrets (shared keys). Therefore, additional effort is needed to verify the completeness of these messages.
\par 
\par \hich\af41\dbch\af40\loch\f40 Redundancy check is well known and is often used in telecommunicating n\hich\af41\dbch\af40\loch\f40 
etwork for the purposes of error detection and correction. It adds an extra piece of information to each message package. Normally, this piece of code is much shorter than the whole package and can be reproduced by using a predefined hash algorithm. When 
\hich\af41\dbch\af40\loch\f40 t\hich\af41\dbch\af40\loch\f40 
he other side of the channel receives this package, he / she can use the same hash function to calculate the message digest and compare the resulting value with the digest code attached on that package. He / she can conclude that the message is not corrup
\hich\af41\dbch\af40\loch\f40 t\hich\af41\dbch\af40\loch\f40 ed during the transmission, if these two values match.
\par 
\par \hich\af41\dbch\af40\loch\f40 If only error detection is required, the checksum algorithm is obviously the most widely used and simplest way. It works by adding up basic components of data, typically the asserted bits, and sending
\hich\af41\dbch\af40\loch\f40 
 the result along with the original message. Anyone who receives this message plus its checksum can later perform the same operation and compare the resulting value with the checksum. S/he can conclude that the message is not corrupted during the transmis
\hich\af41\dbch\af40\loch\f40 s\hich\af41\dbch\af40\loch\f40 
ion, if these two values match. Some other redundancy check methods include parity check, check digits, cyclic redundancy check (CRC) and so on. For instance, a CRC function often takes a various length of stream data as input and produces a fixed size of
\hich\af41\dbch\af40\loch\f40  \hich\af41\dbch\af40\loch\f40 value as output. Basically, any kind of hash function can be used to produce message digest for verifying the message integrity.
\par 
\par \hich\af41\dbch\af40\loch\f40 In our GOTR protocol, we use the same idea to prevent the messages from being changed by the virtual server, but a different i\hich\af41\dbch\af40\loch\f40 
mplementation in detail. We think that the integrity of the messages can be assured by maintaining MD5 (any one-way hash function should be applicable) values of the original plain-text messages verifying them periodically. In order to keep it simple, let
\hich\af41\dbch\af40\loch\f40  \hich\af41\dbch\af40\loch\f40 us continue with the previous examples:
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\cf2\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 Carol receives a message, which is under Bob}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 
\loch\af40\hich\af4\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 s name, but how could she verify that {\*\xmlopen\xmlns2{\factoidname City}}
{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} has not changed the message? Solution: when Bob says something, he could attach an additional message digest (i.e. hash value \hich\af4\dbch\af40\loch\f40 
generated by MD5 algorithm), a unique identifier (i.e. timestamp) along with the original message. And as we discussed, in MSN IM protocol, messages are broadcast in a chat room session, so that Alice has no control to prevent Carol from receiving the aut
\hich\af4\dbch\af40\loch\f40 h\hich\af4\dbch\af40\loch\f40 entic message digest (i.e. Carol would not be able to decrypt the message part, but this does not hinder her from getting the message}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af4\dbch\af40\insrsid11499266 \loch\af40\hich\af4\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 
s MD5 hash value. She could simply discard the unreadable message, but keep the hash value). Thus, Carol could use this kn\hich\af4\dbch\af40\loch\f40 owledge to verify the messages}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af4\dbch\af40\insrsid11499266 \loch\af40\hich\af4\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f40 
 integrity, when she receives the re-encrypted copy from {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}. In detail, the only thing she needs to do is: decrypts the message from 
{\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}, calculates the MD5 value over the plain-text message and compares this value with \hich\af4\dbch\af40\loch\f40 
the one she gained from Bob. If they are same, which means, {\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose} has not changed the content of what Bob said; otherwise, {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice
{\*\xmlclose}{\*\xmlclose} has been cheating. This approach will cause further traffic. However, an automated way of checking integrity of messages would\hich\af4\dbch\af40\loch\f40  \hich\af4\dbch\af40\loch\f40 be more beneficial than drawback.
\par 
\par \hich\af4\dbch\af40\loch\f40 As shown in the figure 2, the communication channel between the virtual server, Alice and the others, Bob and Carol, are secured and off-the-record, but the messages exchanged between Bob and Carol are not encrypted and i
\hich\af4\dbch\af40\loch\f40 
n plain-text. Although we cannot transfer the real message through this unprotected channel, we can still send message digests. When Bob wants talk to Carol in the GOTR chat room, he can send the real content through the private channel (i.e. which passed
\hich\af4\dbch\af40\loch\f40  \hich\af4\dbch\af40\loch\f40 through the virtual server) along with a unique identifier:
\par 
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f4 Bob->Alice, Carol:
\par \hich\af4\dbch\af40\loch\f4 ?RECV?Alice@hotmail.com?ENDRECV?
\par \hich\af4\dbch\af40\loch\f4 + ?SEND?Bob@hotmail.com?ENDSEND?
\par \hich\af4\dbch\af40\loch\f4 + ?UID?unix_timestamp?ENDUID?
\par \hich\af4\dbch\af40\loch\f4 + <Encrypted Message>
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 
\par \hich\af4\dbch\af40\loch\f40 Meanwhile, he will compute the message MD5 digest and giv\hich\af4\dbch\af40\loch\f40 e it along with the unique ID to Carol for the verification.
\par 
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\loch\af4\hich\af4\dbch\af40\insrsid11499266 \hich\af4\dbch\af40\loch\f4 Bob->Carol, {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}:
\par \hich\af4\dbch\af40\loch\f4 ?RECV?MD5_value?ENDRECV?
\par \hich\af4\dbch\af40\loch\f4 + ?UID?unix_timestamp?ENDUID?
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af4\dbch\af40\insrsid11499266 
\par \hich\af4\dbch\af40\loch\f40 Carol gets both the relayed message from {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}
 and the message digest from Bob and matches them by the unique ID. She computes the message digest on the message from {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}
 and compares it with the one she receives from Bob. These two values are supposed t\hich\af4\dbch\af40\loch\f40 o\hich\af4\dbch\af40\loch\f40 
 be the same because they are calculated on the same message and used the same predefined hash function. They will not match, only if {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose}
 has changed the message or the network package has been corrupted. Carol should not trust this message if either of\hich\af4\dbch\af40\loch\f40  \hich\af4\dbch\af40\loch\f40 
these situations occurs, and she can open another two-party OTR conversation with Bob and verify it.
\par 
\par \hich\af4\dbch\af40\loch\f40 We chose MD5 algorithm for a number of reasons. First, MD5 hash function has very good non-duplicate property. It is hardly possible to find two have the \hich\af4\dbch\af40\loch\f40 
same MD5 code from two different inputs. If chose a hash function which has too much collision, eventually it will be possible for a malicious user to alter the content but still produce the same message digest. Moreover, MD5 has been implemented as share
\hich\af4\dbch\af40\loch\f40 d\hich\af4\dbch\af40\loch\f40 
 library in lots of the major programming languages including C, C++, Java, PHP, etc. And it also has been included in the libgcrypt[], which is already used in OTR to provide the basic cryptographic functions. Therefore, not too much extra programming ef
\hich\af4\dbch\af40\loch\f40 f\hich\af4\dbch\af40\loch\f40 ort is needed to support MD5 service.
\par 
\par }{\rtlch\fcs1 \ab\af41\afs27 \ltrch\fcs0 \b\fs27\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 4.4 Evaluation of the GOTR protocol
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
There is always performance concerns when a security solution is implemented. One question would be how many users a GOTR chat room session could hold. Obviously, having more users \hich\af41\dbch\af40\loch\f40 
in a chat room means more network traffic and longer processing time, which eventually will cause noticeable lag. In addition, a GOTR chat room session uses a virtual server which routes all the messages, which increases the number of network packets tran
\hich\af41\dbch\af40\loch\f40 s\hich\af41\dbch\af40\loch\f40 
mitted during a conversation. We have not performed any sophisticated test such as comparing transit time of each message, counting how many extra packets are caused by a GOTR chat room etc., but we performed several user experience tests. We have tested 
\hich\af41\dbch\af40\loch\f40 o\hich\af41\dbch\af40\loch\f40 
ur Pidgin GOTR plug-in with up to ten users in a single chat room and there was no noticeable delay. Theoretically, the limitation of the number of a chat room session is the maximum number of users which a MSN server can handle in a chat room session. We
\hich\af41\dbch\af40\loch\f40  \hich\af41\dbch\af40\loch\f40 will perform more detailed tests in our next version of GOTR.
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs36 \ltrch\fcs0 \b\fs36\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 5\~Conclusions and Future Work
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 
There is a need for secure chat room environments via the existing IM infrastructure, and therefore an approach to extend OTR to provide secure chat room support vi\hich\af41\dbch\af40\loch\f40 
a IM is provided. The proposed approach is useful in addressing the needs of individuals (e.g. small businesses where confidentiality of information is crucial) to have off-the-record and secure meetings with virtually has no cost. As proof of concept, a 
\hich\af41\dbch\af40\loch\f40 p\hich\af41\dbch\af40\loch\f40 
lug-in for GAIM was developed. Although the current implementation only supports chat rooms via the MSN IM network, the idea can be easily extended to other IM protocols such as Yahoo IM, AOL IM, etc. 
\par 
\par \hich\af41\dbch\af40\loch\f40 Some additional network traffic might be an overhead \hich\af41\dbch\af40\loch\f40 
introduced by the proposed approach, it is considered to be preferable rather than dealing with the complicated issue of group key-exchanging protocols particularly in the Deffie-Hellman key agreement protocol. The performance of group key management algo
\hich\af41\dbch\af40\loch\f40 r\hich\af41\dbch\af40\loch\f40 
ithm remains an issue. Although having some light and small extra packet payloads, will not hinder the performance as much as a complex group key management protocol would. Actually, since the payloads and the network bandwidth traffics are distributed to
\hich\af41\dbch\af40\loch\f40  \hich\af41\dbch\af40\loch\f40 
every chat member, the performance is not an issue for those participants except for the virtual server.  But, the result of the initial test shows that the performance for the virtual server is still ideal.
\par \hich\af41\dbch\af40\loch\f40  
\par }{\rtlch\fcs1 \ab\af41\afs36 \ltrch\fcs0 \b\fs36\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 6. Future Work
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 The issue of how to deal with a\hich\af41\dbch\af40\loch\f40 
 new user (no matter who invited him/her, could or could be the virtual server) remains. Ideally, the dedicated virtual server should be responsible to respond the change of the secure status due to a new joined member. In other words, when a new user, sa
\hich\af41\dbch\af40\loch\f40 y\hich\af41\dbch\af40\loch\f40 
 Eve, joins the private chat room and breaks the security (i.e. since Eve does not have any shared secrets with any members in that chat room), the virtual server, Alice, should react accordingly. {\*\xmlopen\xmlns2{\factoidname City}}
{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} could restart the whole key-exchange process pair-wi\hich\af41\dbch\af40\loch\f40 s\hich\af41\dbch\af40\loch\f40 
ely, which is the same process as fully key refreshment, but including the new member, Eve, this time. And after the reestablishment of the keys, it becomes a normal OTR chat room session. Or, as mentioned }{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \ab\af41 \ltrch\fcs0 \b\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 \hich\f41 Design Problem 3\'d3\loch\f41 , }{
\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 the server could individually \hich\af41\dbch\af40\loch\f40 
do the key exchange with the new user, which will fitly keep the privacy of the whole chat room. Now, the solution to this problem is the virtual server needs react manually. But in our next version of GOTR chat room, this problem will be addressed in ter
\hich\af41\dbch\af40\loch\f40 m\hich\af41\dbch\af40\loch\f40 
s of reestablish the private conversation session automatically. Basically, we have two choices: one, as we said, is to do a full key-refreshment together with the new member; and another one is only do a peer-to-peer OTR key-exchange between the virtual 
\hich\af41\dbch\af40\loch\f40 s\hich\af41\dbch\af40\loch\f40 erver and the new user. Either way could solve this problem, but we prefer the first scenario, since it will help to enhance the security by the extra full key refreshment.
\par 
\par }{\rtlch\fcs1 \af4\afs20 \ltrch\fcs0 \fs20\cf1\loch\af4\hich\af4\dbch\af40\insrsid11499266 
\par 
\par }\pard \ltrpar\ql \li0\ri0\sb280\sa280\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \ab\af41\afs36 \ltrch\fcs0 \b\fs36\loch\af41\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f41 References
\par }\pard \ltrpar\ql \li0\ri0\nowidctlpar\wrapdefault\faauto\rin0\lin0\itap0 {\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 [1] (2006) Windows live messenger. Microsoft Corp. [Online]. Available:

\par \hich\af41\dbch\af40\loch\f40 http://get.live.com/messenger/features
\par \hich\af41\dbch\af40\loch\f40 [2] (2006) American online, aim. American Online. [Online]. Available:
\par \hich\af41\dbch\af40\loch\f40 http://aimexpress.aol.com/
\par \hich\af41\dbch\af40\loch\f40 [3] (2006) Chat history saving. Google. [Online\hich\af41\dbch\af40\loch\f40 ]. Available:
\par \hich\af41\dbch\af40\loch\f40 http://www.google.com/talk/chathistory.html
\par \hich\af41\dbch\af40\loch\f40 [4] (2006) The irc prelude. IRCHELP.ORG. [Online]. Available:
\par \hich\af41\dbch\af40\loch\f40 http://www.irchelp.org/irchelp/new2irc.html
\par \hich\af41\dbch\af40\loch\f40 [5] N. Borisov, I. Goldberg, and E. Brewer, }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Off-the-record communication,
\par \hich\af41\dbch\af40\loch\f40 or, why not to use pgp,}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  in WPES }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 04: Proceedings of the 2004 ACM
\par \hich\af41\dbch\af40\loch\f40 workshop on Privacy in the electronic society. {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}New York{\*\xmlclose}, {\*\xmlopen\xmlns2{\factoidname City}}NY{\*\xmlclose}, 
{\*\xmlopen\xmlns2{\factoidname City}}USA{\*\xmlclose}{\*\xmlclose}:
\par \hich\af41\dbch\af40\loch\f40 ACM Press, 2004, pp. 77}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \endash }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40 84.
\par \hich\af41\dbch\af40\loch\f40 [6] M. D. Raimondo, R. Gennaro, and H. Krawczyk, }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Secure off-the-record
\par \hich\af41\dbch\af40\loch\f40 messaging,}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40  in WPES }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8217\'81\'66}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40 05:\hich\af41\dbch\af40\loch\f40  Proceedings of the 2005 ACM workshop on
\par \hich\af41\dbch\af40\loch\f40 Privacy in the electronic society. {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}New York{\*\xmlclose}, {\*\xmlopen\xmlns2{\factoidname City}}NY{\*\xmlclose}, {\*\xmlopen\xmlns2{\factoidname City
}}USA{\*\xmlclose}{\*\xmlclose}: ACM Press,
\par \hich\af41\dbch\af40\loch\f40 2005, pp. 81}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \endash }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40 89.
\par \hich\af41\dbch\af40\loch\f40 [7] Information Processing Systems - Open Systems Interconnection
\par \hich\af41\dbch\af40\loch\f40 Reference Model - Security Architecture, International Organization\hich\af41\dbch\af40\loch\f40  for
\par \hich\af41\dbch\af40\loch\f40 Standardization Std. 7498-2, 1988.
\par \hich\af41\dbch\af40\loch\f40 [8] (2006) Simppro: Instant messengers, instant security. Secway. [Online].
\par \hich\af41\dbch\af40\loch\f40 Available: http://www.secway.fr/us/products/simppro/
\par \hich\af41\dbch\af40\loch\f40 [9] (2006, Oct.) What is gaim? Gaim Project. [Online]. Available:
\par \hich\af41\dbch\af40\loch\f40 http://gaim.sourcefor\hich\af41\dbch\af40\loch\f40 ge.net/about.php
\par \hich\af41\dbch\af40\loch\f40 [10] Gaim-encryption. Gaim-Encryption Project. [Online]. Available:
\par \hich\af41\dbch\af40\loch\f40 http://gaim-encryption.sourceforge.net/
\par \hich\af41\dbch\af40\loch\f40 [11] R. L. Rivest, }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40 The rc5 encryption algorithm,}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  in In the Proceedings of
\par \hich\af41\dbch\af40\loch\f40 the Second International Workshop on Fast Software Encr\hich\af41\dbch\af40\loch\f40 yption. FSE,
\par \hich\af41\dbch\af40\loch\f40 1994, p. 8696.
\par \hich\af41\dbch\af40\loch\f40 [12] (2002) Gaim-e, encryption plug-in for gaim. Gaim-e Project. [Online].
\par \hich\af41\dbch\af40\loch\f40 Available: http://gaim-e.sourceforge.net/
\par \hich\af41\dbch\af40\loch\f40 [13] Cerulean studios: Learn about trillian. Cerulean Studios. [Online].
\par \hich\af41\dbch\af40\loch\f40 Available: http://www.ceruleanstudios.\hich\af41\dbch\af40\loch\f40 com/learn/
\par \hich\af41\dbch\af40\loch\f40 [14] D. P. Jablon, }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40 Strong password-only authenticated key exchange,}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par \hich\af41\dbch\af40\loch\f40 Computer Communication Review, vol. 26, no. 5, pp. 5}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \endash }{\rtlch\fcs1 \af40 \ltrch\fcs0 
\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 26, 1996.
\par \hich\af41\dbch\af40\loch\f40 [Online]. Available: citeseer.ist.psu.edu/jablon96strong.html
\par \hich\af41\dbch\af40\loch\f40 [15] (1999) Rfc2631:diffie-hellman key agreement method. The
\par \hich\af41\dbch\af40\loch\f40 Internet Society - Network Working Group. [Online]. Available:
\par \hich\af41\dbch\af40\loch\f40 http://www.ietf.org/rfc/rfc2631.txt
\par \hich\af41\dbch\af40\loch\f40 [16] H. Krawczyk, }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8220\'81\'67}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40 Skeme: a versatile secure key exchange mechanism for
\par \hich\af41\dbch\af40\loch\f40 internet,}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \loch\af40\hich\af41\dbch\f40 \uc2\u8221\'81\'68}{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\hich\af41\dbch\af40\loch\f40  sndss, vol. 0\hich\af41\dbch\af40\loch\f40 0, p. 114, 1996.
\par \hich\af41\dbch\af40\loch\f40 [17] (2005) Off-the-record messaging protocol version 2.
\par \hich\af41\dbch\af40\loch\f40 Off-the-Record Messaging Project. [Online]. Available:
\par \hich\af41\dbch\af40\loch\f40 http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.html
\par 
\par }{\rtlch\fcs1 \af40\afs20 \ltrch\fcs0 \fs20\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40  (Formerly named Gaim, which is a famous multi-platform open source IM cl\hich\af41\dbch\af40\loch\f40 
ient that supports various Instant Messaging protocols)
\par \tab \hich\af41\dbch\af40\loch\f40  }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 an old message is a message for which the encryption-transmission-decryption cycle is completed}{\rtlch\fcs1 
\af40\afs20 \ltrch\fcs0 \fs20\loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par \hich\af41\dbch\af40\loch\f40  This denotes that actually both Carol and Alice will receive this message. {\*\xmlopen\xmlns2{\factoidname City}}{\*\xmlopen\xmlns2{\factoidname City}}Alice{\*\xmlclose}{\*\xmlclose} could use this infor
\hich\af41\dbch\af40\loch\f40 
mation to do an extra integrity check, but since the integrity is assured by OTR protocol, it is just waste of time to do so. Similar situation happened in the previous encrypted message too, but this time, this encrypted message makes no sense to Carol a
\hich\af41\dbch\af40\loch\f40 t\hich\af41\dbch\af40\loch\f40  all, since it is encrypted with SS}{\rtlch\fcs1 \af40\afs20 \ltrch\fcs0 \fs20\sub\loch\af40\hich\af41\dbch\af40\insrsid11499266 \hich\af41\dbch\af40\loch\f40 Alice&Bob. }{\rtlch\fcs1 
\af40\afs20 \ltrch\fcs0 \fs20\loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par }{\rtlch\fcs1 \af40 \ltrch\fcs0 \loch\af40\hich\af41\dbch\af40\insrsid11499266 
\par 
\par 
\par 
\par 
\par 
\par 
\par 
\par 
\par 
\par 
\par }}